diff options
| author |   Achim Gottinger <achim@gentoo.org> | 2000-08-10 01:53:40 +0000 |
|---|---|---|
| committer | Achim Gottinger <achim@gentoo.org> | 2000-08-10 01:53:40 +0000 |
| commit | 42d07e248f709a604942abe6162611dbe9b05ae7 (patch) | |
| tree | fd641b6b323b312c28a034c82f6b96397bfa3524 /net-www | |
| parent | *** empty log message *** (diff) | |
| download | gentoo-2-42d07e248f709a604942abe6162611dbe9b05ae7.tar.gz gentoo-2-42d07e248f709a604942abe6162611dbe9b05ae7.tar.bz2 gentoo-2-42d07e248f709a604942abe6162611dbe9b05ae7.zip | |
*** empty log message ***
Diffstat (limited to 'net-www')
26 files changed, 5169 insertions, 0 deletions
diff --git a/net-www/apache-ssl/apache-ssl-1.3.12-2.6.5-r1.ebuild b/net-www/apache-ssl/apache-ssl-1.3.12-2.6.5-r1.ebuild new file mode 100644 index 000000000000..242cb4d5bb73 --- /dev/null +++ b/net-www/apache-ssl/apache-ssl-1.3.12-2.6.5-r1.ebuild @@ -0,0 +1,61 @@ +# Copyright 1999-2000 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Author Achim Gottinger <achim@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/net-www/apache-ssl/apache-ssl-1.3.12-2.6.5-r1.ebuild,v 1.1 2000/08/10 01:53:39 achim Exp $ + +P=apache-ssl-1.3.12-2.6.5 +A="apache_1.3.12.tar.gz mod_ssl-2.6.5-1.3.12.tar.gz" +S=${WORKDIR}/apache_1.3.12 +CATEGORY="net-www" +DESCRIPTION="The Apache Web Server v1.3.12 with mod_ssl" +SRC_URI="http://www.apache.de/dist/apache_1.3.12.tar.gz + ftp://ftp.modssl.org/source/mod_ssl-2.6.5-1.3.12.tar.gz" +HOMEPAGE="http://www.apache.org http://www.modssl.org" + + +src_compile() { + export SSL_BASE=SYSTEM + cd ${S}/../mod_ssl-2.6.5-1.3.12 + ./configure --with-apache=${S} --with-ssl=SYSTEM + cd ${S} + ./configure --prefix=/usr/local/httpd --bindir=/usr/bin \ + --sbindir=/usr/sbin --datadir=/usr/local/httpd \ + --sysconfdir=/etc/httpd --libexecdir=/usr/lib/apache \ + --mandir=/usr/man --logfiledir=/var/log/apache --localstatedir=/var/lock \ + --proxycachedir=/var/cache/httpd --includedir=/usr/include/apache \ + --enable-module=all --enable-module=ssl \ + --enable-shared=max --enable-suexec --suexec-caller=wwwrun \ + --suexec-userdir=public_html --suexec-uidmin=96 \ + --suexec-gidmin=96 --suexec-safepath="/bin:/usr/bin" + make +} + +src_install() { + cd ${S} + make install-quiet root=${D} + prepman + + dodoc ABOUT_APACHE Announcement INSTALL* KEYS LICENSE* README* WARNING* + docinto mod_ssl + cd ../mod_ssl-2.6.5-1.3.12 + dodoc ANNOUNCE CHANGES CREDITS INSTALL* LICENSE NEWS README* + dodir /etc/rc.d/init.d + cp ${O}/files/httpd.conf ${D}/etc/httpd + cp ${O}/files/httpd ${D}/etc/rc.d/init.d +} + +pkg_config() { + + source ${ROOT}/var/lib/packages/install.config + + # Make apache start at boot + ${ROOT}/usr/sbin/rc-update add httpd + + # Set ServerName and ServerAdmin + cp ${ROOT}/etc/httpd/httpd.conf ${ROOT}/etc/httpd/httpd.conf.orig + sed -e "s/\#ServerName.*/ServerName $ServerName/" \ + -e "s/^ServerAdmin.*/ServerAdmin $ServerAdmin/" \ + ${ROOT}/etc/httpd/httpd.conf.orig > ${ROOT}/etc/httpd/httpd.conf + +} + diff --git a/net-www/apache-ssl/files/digest b/net-www/apache-ssl/files/digest new file mode 100644 index 000000000000..77dd3c6121e4 --- /dev/null +++ b/net-www/apache-ssl/files/digest @@ -0,0 +1,2 @@ +MD5 de3ccff384b0d4ab94c3251cb85d49d2 apache_1.3.12.tar.gz +MD5 1b7e28c23e0235540df0549b243fac19 mod_ssl-2.6.5-1.3.12.tar.gz diff --git a/net-www/apache-ssl/files/httpd b/net-www/apache-ssl/files/httpd new file mode 100755 index 000000000000..e9a9ff5f2ddb --- /dev/null +++ b/net-www/apache-ssl/files/httpd @@ -0,0 +1,115 @@ +#!/bin/sh +#RCUPDATE:3 4:75:This line is required for script management +# + +. /etc/rc.d/config/functions + +# Apache control script designed to allow an easy command line interface +# to controlling Apache. Written by Marc Slemko, 1997/08/23 +# +# The exit codes returned are: +# 0 - operation completed successfully +# 1 - +# 2 - usage error +# 3 - httpd could not be started +# 4 - httpd could not be stopped +# 5 - httpd could not be started during a restart +# 6 - httpd could not be restarted during a restart +# 7 - httpd could not be restarted during a graceful restart +# 8 - configuration syntax error +# +# When multiple arguments are given, only the error from the _last_ +# one is reported. Run "apachectl help" for usage info +# +# +# |||||||||||||||||||| START CONFIGURATION SECTION |||||||||||||||||||| +# -------------------- -------------------- +# +# the path to your PID file +PIDFILE=/var/run/httpd.pid +# +# the path to your httpd binary, including options if necessary +HTTPD=/usr/sbin/httpd +# +# a command that outputs a formatted text version of the HTML at the +# url given on the command line. Designed for lynx, however other +# programs may work. +LYNX="lynx -dump" +# +# the URL to your server's mod_status status page. If you do not +# have one, then status and fullstatus will not work. +STATUSURL="http://localhost/server-status" +# +# -------------------- -------------------- +# |||||||||||||||||||| END CONFIGURATION SECTION |||||||||||||||||||| + +ERROR=0 +ARGV="$@" + +if [ "x$ARGV" = "x" ] ; then + ARGS="help" +fi + + # check for pidfile + if [ -f $PIDFILE ] ; then + PID=`cat $PIDFILE` + if [ "x$PID" != "x" ] && kill -0 $PID 2>/dev/null ; then + STATUS="httpd (pid $PID) running" + RUNNING=1 + else + STATUS="httpd (pid $PID?) not running" + RUNNING=0 + fi + else + STATUS="httpd (no pid file) not running" + RUNNING=0 + fi + +SERVICE="Apache Webserver" +opts="start stop restart status" + +start() { + if [ $RUNNING -eq 1 ]; then + echo "$0 $ARG: httpd (pid $PID) already running" + continue + fi + ebegin "Starting service $SERVICE..." + start-stop-daemon --quiet --start --exec $HTTPD 1>&2 + eend $? "Error starting $SERVICE" +} + +stop() { + + if [ $RUNNING -eq 0 ]; then + echo "$0 $ARG: $STATUS" + fi + ebegin "Stopping serveice $SERVICE..." + start-stop-daemon --quiet --stop --pid $PIDFILE 1>&2 + eend $? "Error stopping $SERVICE" +} + +restart () { + + stop + start + +} + +status() { + $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' +} + +fullstatus () { + $LYNX $STATUSURL +} + +configtest () { + if $HTTPD -t; then + : + else + ERROR=8 + fi +} + +doservice ${@} + diff --git a/net-www/apache-ssl/files/httpd.conf b/net-www/apache-ssl/files/httpd.conf new file mode 100644 index 000000000000..528dece55198 --- /dev/null +++ b/net-www/apache-ssl/files/httpd.conf @@ -0,0 +1,1266 @@ +## +## httpd.conf -- Apache HTTP server configuration file +## + +# +# Based upon the NCSA server configuration files originally by Rob McCool. +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See <URL:http://www.apache.org/docs/> for detailed information about +# the directives. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# After this file is processed, the server will look for and process +# /usr/local/httpd/conf/srm.conf and then /usr/local/httpd/conf/access.conf +# unless you have overridden these with ResourceConfig and/or +# AccessConfig directives here. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" +# with ServerRoot set to "/usr/local/apache" will be interpreted by the +# server as "/usr/local/apache/logs/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# ServerType is either inetd, or standalone. Inetd mode is only supported on +# Unix platforms. +# +ServerType standalone + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation +# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "/usr/local/httpd" + +# +# The LockFile directive sets the path to the lockfile used when Apache +# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or +# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at +# its default value. The main reason for changing it is if the logs +# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL +# DISK. The PID of the main server process is automatically appended to +# the filename. +# +#LockFile /usr/local/httpd/logs/httpd.lock + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +PidFile /var/run/httpd.pid + +# +# ScoreBoardFile: File used to store internal server process information. +# Not all architectures require this. But if yours does (you'll know because +# this file will be created when you run Apache) then you *must* ensure that +# no two invocations of Apache share the same scoreboard file. +# +ScoreBoardFile /usr/local/httpd/logs/httpd.scoreboard + +# +# In the standard configuration, the server will process this file, +# srm.conf, and access.conf in that order. The latter two files are +# now distributed empty, as it is recommended that all directives +# be kept in a single file for simplicity. The commented-out values +# below are the built-in defaults. You can have the server ignore +# these files altogether by using "/dev/null" (for Unix) or +# "nul" (for Win32) for the arguments to the directives. +# +#ResourceConfig conf/srm.conf +#AccessConfig conf/access.conf + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +# +# Server-pool size regulation. Rather than making you guess how many +# server processes you need, Apache dynamically adapts to the load it +# sees --- that is, it tries to maintain enough server processes to +# handle the current load, plus a few spare servers to handle transient +# load spikes (e.g., multiple simultaneous requests from a single +# Netscape browser). +# +# It does this by periodically checking how many servers are waiting +# for a request. If there are fewer than MinSpareServers, it creates +# a new spare. If there are more than MaxSpareServers, some of the +# spares die off. The default values are probably OK for most sites. +# +MinSpareServers 5 +MaxSpareServers 10 + +# +# Number of servers to start initially --- should be a reasonable ballpark +# figure. +# +StartServers 5 + +# +# Limit on total number of servers running, i.e., limit on the number +# of clients who can simultaneously connect --- if this limit is ever +# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW. +# It is intended mainly as a brake to keep a runaway server from taking +# the system with it as it spirals down... +# +MaxClients 150 + +# +# MaxRequestsPerChild: the number of requests each child process is +# allowed to process before the child dies. The child will exit so +# as to avoid problems after prolonged use when Apache (and maybe the +# libraries it uses) leak memory or other resources. On most systems, this +# isn't really needed, but a few (such as Solaris) do have notable leaks +# in the libraries. For these platforms, set to something like 10000 +# or so; a setting of 0 means unlimited. +# +# NOTE: This value does not include keepalive requests after the initial +# request per connection. For example, if a child process handles +# an initial request and 10 subsequent "keptalive" requests, it +# would only count as 1 request towards this limit. +# +MaxRequestsPerChild 0 + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, in addition to the default. See also the <VirtualHost> +# directive. +# +#Listen 3000 +#Listen 12.34.56.78:80 + +# +# BindAddress: You can support virtual hosts with this option. This directive +# is used to tell the server which IP address to listen to. It can either +# contain "*", an IP address, or a fully qualified Internet domain name. +# See also the <VirtualHost> and Listen directives. +# +#BindAddress * + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Please read the file README.DSO in the Apache 1.3 distribution for more +# details about the DSO mechanism and run `httpd -l' for the list of already +# built-in (statically linked and thus always available) modules in your httpd +# binary. +# +# Note: The order is which modules are loaded is important. Don't change +# the order below without expert advice. +# +# Example: +# LoadModule foo_module libexec/mod_foo.so +LoadModule mmap_static_module /usr/lib/apache/mod_mmap_static.so +LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so +LoadModule env_module /usr/lib/apache/mod_env.so +LoadModule define_module /usr/lib/apache/mod_define.so +LoadModule config_log_module /usr/lib/apache/mod_log_config.so +LoadModule agent_log_module /usr/lib/apache/mod_log_agent.so +LoadModule referer_log_module /usr/lib/apache/mod_log_referer.so +LoadModule mime_magic_module /usr/lib/apache/mod_mime_magic.so +LoadModule mime_module /usr/lib/apache/mod_mime.so +LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so +LoadModule status_module /usr/lib/apache/mod_status.so +LoadModule info_module /usr/lib/apache/mod_info.so +LoadModule includes_module /usr/lib/apache/mod_include.so +LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so +LoadModule dir_module /usr/lib/apache/mod_dir.so +LoadModule cgi_module /usr/lib/apache/mod_cgi.so +LoadModule asis_module /usr/lib/apache/mod_asis.so +LoadModule imap_module /usr/lib/apache/mod_imap.so +LoadModule action_module /usr/lib/apache/mod_actions.so +LoadModule speling_module /usr/lib/apache/mod_speling.so +LoadModule userdir_module /usr/lib/apache/mod_userdir.so +LoadModule alias_module /usr/lib/apache/mod_alias.so +LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so +LoadModule access_module /usr/lib/apache/mod_access.so +LoadModule auth_module /usr/lib/apache/mod_auth.so +LoadModule anon_auth_module /usr/lib/apache/mod_auth_anon.so +LoadModule dbm_auth_module /usr/lib/apache/mod_auth_dbm.so +LoadModule db_auth_module /usr/lib/apache/mod_auth_db.so +LoadModule digest_module /usr/lib/apache/mod_digest.so +LoadModule proxy_module /usr/lib/apache/libproxy.so +LoadModule cern_meta_module /usr/lib/apache/mod_cern_meta.so +LoadModule expires_module /usr/lib/apache/mod_expires.so +LoadModule headers_module /usr/lib/apache/mod_headers.so +LoadModule usertrack_module /usr/lib/apache/mod_usertrack.so +LoadModule example_module /usr/lib/apache/mod_example.so +LoadModule unique_id_module /usr/lib/apache/mod_unique_id.so +LoadModule setenvif_module /usr/lib/apache/mod_setenvif.so +#LoadModule php4_module /usr/lib/apache/libphp4.so +#LoadModule jserv_module /usr/lib/apache/mod_jserv.so +#LoadModule zmod_module /usr/lib/apache/mod_zmod.so +<IfDefine SSL> +LoadModule ssl_module /usr/lib/apache/libssl.so +</IfDefine> + +# Reconstruction of the complete module list from all available modules +# (static and shared ones) to achieve correct module execution order. +# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO] +ClearModuleList +AddModule mod_mmap_static.c +AddModule mod_vhost_alias.c +AddModule mod_env.c +AddModule mod_define.c +AddModule mod_log_config.c +AddModule mod_log_agent.c +AddModule mod_log_referer.c +AddModule mod_mime_magic.c +AddModule mod_mime.c +AddModule mod_negotiation.c +AddModule mod_status.c +AddModule mod_info.c +AddModule mod_include.c +AddModule mod_autoindex.c +AddModule mod_dir.c +AddModule mod_cgi.c +AddModule mod_asis.c +AddModule mod_imap.c +AddModule mod_actions.c +AddModule mod_speling.c +AddModule mod_userdir.c +AddModule mod_alias.c +AddModule mod_rewrite.c +AddModule mod_access.c +AddModule mod_auth.c +AddModule mod_auth_anon.c +AddModule mod_auth_dbm.c +AddModule mod_auth_db.c +AddModule mod_digest.c +AddModule mod_proxy.c +AddModule mod_cern_meta.c +AddModule mod_expires.c +AddModule mod_headers.c +AddModule mod_usertrack.c +AddModule mod_example.c +AddModule mod_unique_id.c +AddModule mod_so.c +AddModule mod_setenvif.c +#AddModule mod_php4.c +#AddModule mod_jserv.c +#AddModule mod_zmod.c +<IfDefine SSL> +AddModule mod_ssl.c +</IfDefine> + +# +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. The default is Off. +# +#ExtendedStatus On + +### Section 2: 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# <VirtualHost> definition. These values also provide defaults for +# any <VirtualHost> containers you may define later in the file. +# +# All of these directives may appear inside <VirtualHost> containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# If your ServerType directive (set earlier in the 'Global Environment' +# section) is set to "inetd", the next few directives don't have any +# effect since their settings are defined by the inetd configuration. +# Skip ahead to the ServerAdmin directive. +# + +# +# Port: The port to which the standalone server listens. For +# ports < 1023, you will need httpd to be run as root initially. +# +Port 80 + +## +## SSL Support +## +## When we also provide SSL we have to listen to the +## standard HTTP port (see above) and to the HTTPS port +## +<IfDefine SSL> +Listen 80 +Listen 443 +</IfDefine> + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# . On SCO (ODT 3) use "User nouser" and "Group nogroup". +# . On HPUX you may not be able to use shared memory as nobody, and the +# suggested workaround is to create a user www and use that user. +# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) +# when the value of (unsigned)Group is above 60000; +# don't use Group nobody on these systems! +# +User nobody +Group nobody + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. +# +ServerAdmin webmaster@linux.bagwan + +# +# ServerName allows you to set a host name which is sent back to clients for +# your server if it's different than the one the program would get (i.e., use +# "www" instead of the host's real name). +# +# Note: You cannot just invent host names and hope they work. The name you +# define here must be a valid DNS name for your host. If you don't understand +# this, ask your network administrator. +# If your host doesn't have a registered DNS name, enter its IP address here. +# You will have to access it by its address (e.g., http://123.45.67.89/) +# anyway, and this will make redirections work in a sensible way. +# +#ServerName linux + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/usr/local/httpd/htdocs" + +# +# Each directory to which Apache has access, can be configured with respect +# to which services and features are allowed and/or disabled in that +# directory (and its subdirectories). +# +# First, we configure the "default" to be a very restrictive set of +# permissions. +# +<Directory /> + Options FollowSymLinks + AllowOverride None +</Directory> + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# This should be changed to whatever you set DocumentRoot to. +# +<Directory "/usr/local/httpd/htdocs"> + +# +# This may also be "None", "All", or any combination of "Indexes", +# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". +# +# Note that "MultiViews" must be named *explicitly* --- "Options All" +# doesn't give it to you. +# + Options Indexes FollowSymLinks MultiViews + +# +# This controls which options the .htaccess files in directories can +# override. Can also be "All", or any combination of "Options", "FileInfo", +# "AuthConfig", and "Limit" +# + AllowOverride None + +# +# Controls who can get stuff from this server. +# + Order allow,deny + Allow from all +</Directory> + +# +# UserDir: The name of the directory which is appended onto a user's home +# directory if a ~user request is received. +# +<IfModule mod_userdir.c> + UserDir public_html +</IfModule> + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# +#<Directory /home/*/public_html> +# AllowOverride FileInfo AuthConfig Limit +# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec +# <Limit GET POST OPTIONS PROPFIND> +# Order allow,deny +# Allow from all +# </Limit> +# <LimitExcept GET POST OPTIONS PROPFIND> +# Order deny,allow +# Deny from all +# </LimitExcept> +#</Directory> + +# +# DirectoryIndex: Name of the file or files to use as a pre-written HTML +# directory index. Separate multiple entries with spaces. +# +<IfModule mod_dir.c> + DirectoryIndex index.html +</IfModule> + +# +# AccessFileName: The name of the file to look for in each directory +# for access control information. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess files from being viewed by +# Web clients. Since .htaccess files often contain authorization +# information, access is disallowed for security reasons. Comment +# these lines out if you want Web visitors to see the contents of +# .htaccess files. If you change the AccessFileName directive above, +# be sure to make the corresponding changes here. +# +# Also, folks tend to use names such as .htpasswd for password +# files, so this will protect those as well. +# +<Files ~ "^\.ht"> + Order allow,deny + Deny from all +</Files> + +# +# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each +# document that was negotiated on the basis of content. This asks proxy +# servers not to cache the document. Uncommenting the following line disables +# this behavior, and proxies will be allowed to cache the documents. +# +#CacheNegotiatedDocs + +# +# UseCanonicalName: (new for 1.3) With this setting turned on, whenever +# Apache needs to construct a self-referencing URL (a URL that refers back +# to the server the response is coming from) it will use ServerName and +# Port to form a "canonical" name. With this setting off, Apache will +# use the hostname:port that the client supplied, when possible. This +# also affects SERVER_NAME and SERVER_PORT in CGI scripts. +# +UseCanonicalName On + +# +# TypesConfig describes where the mime.types file (or equivalent) is +# to be found. +# +<IfModule mod_mime.c> + TypesConfig /etc/httpd/mime.types +</IfModule> + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + +# +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +# mod_mime_magic is not part of the default server (you have to add +# it yourself with a LoadModule [see the DSO paragraph in the 'Global +# Environment' section], or recompile the server and include mod_mime_magic +# as part of the configuration), so it's enclosed in an <IfModule> container. +# This means that the MIMEMagicFile directive will only be processed if the +# module is part of the server. +# +<IfModule mod_mime_magic.c> + MIMEMagicFile /etc/httpd/magic +</IfModule> + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +# +ErrorLog /var/log/apache/error_log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# +# The location and format of the access logfile (Common Logfile Format). +# If you do not define any access logfiles within a <VirtualHost> +# container, they will be logged here. Contrariwise, if you *do* +# define per-<VirtualHost> access logfiles, transactions will be +# logged therein and *not* in this file. +# +CustomLog /var/log/apache/access_log common + +# +# If you would like to have agent and referer logfiles, uncomment the +# following directives. +# +#CustomLog /usr/local/httpd/logs/referer_log referer +#CustomLog /usr/local/httpd/logs/agent_log agent + +# +# If you prefer a single logfile with access, agent, and referer information +# (Combined Logfile Format) you can use the following directive. +# +#CustomLog /usr/local/httpd/logs/access_log combined + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (error documents, FTP directory listings, +# mod_status and mod_info output etc., but not CGI generated documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature On + +# +# Aliases: Add here as many aliases as you need (with no limit). The format is +# Alias fakename realname +# +<IfModule mod_alias.c> + + # + # Note that if you include a trailing / on fakename then the server will + # require it to be present in the URL. So "/icons" isn't aliased in this + # example, only "/icons/".. + # + Alias /icons/ "/usr/local/httpd/icons/" + + <Directory "/usr/local/httpd/icons"> + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + </Directory> + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the realname directory are treated as applications and + # run by the server when requested rather than as documents sent to the client. + # The same rules about trailing "/" apply to ScriptAlias directives as to + # Alias. + # + ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/" + + # + # "/usr/local/httpd/cgi-bin" should be changed to whatever your ScriptAliased + # CGI directory exists, if you have that configured. + # + <Directory "/usr/local/httpd/cgi-bin"> + AllowOverride None + Options None + Order allow,deny + Allow from all + </Directory> + +</IfModule> +# End of aliases. + +# +# Redirect allows you to tell clients about documents which used to exist in +# your server's namespace, but do not anymore. This allows you to tell the +# clients where to look for the relocated document. +# Format: Redirect old-URI new-URL +# + +# +# Directives controlling the display of server-generated directory listings. +# +<IfModule mod_autoindex.c> + + # + # FancyIndexing is whether you want fancy directory indexing or standard + # + IndexOptions FancyIndexing + + # + # AddIcon* directives tell the server which icon to show for different + # files or filename extensions. These are only displayed for + # FancyIndexed directories. + # + AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + + AddIconByType (TXT,/icons/text.gif) text/* + AddIconByType (IMG,/icons/image2.gif) image/* + AddIconByType (SND,/icons/sound2.gif) audio/* + AddIconByType (VID,/icons/movie.gif) video/* + + AddIcon /icons/binary.gif .bin .exe + AddIcon /icons/binhex.gif .hqx + AddIcon /icons/tar.gif .tar + AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv + AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip + AddIcon /icons/a.gif .ps .ai .eps + AddIcon /icons/layout.gif .html .shtml .htm .pdf + AddIcon /icons/text.gif .txt + AddIcon /icons/c.gif .c + AddIcon /icons/p.gif .pl .py + AddIcon /icons/f.gif .for + AddIcon /icons/dvi.gif .dvi + AddIcon /icons/uuencoded.gif .uu + AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl + AddIcon /icons/tex.gif .tex + AddIcon /icons/bomb.gif core + + AddIcon /icons/back.gif .. + AddIcon /icons/hand.right.gif README + AddIcon /icons/folder.gif ^^DIRECTORY^^ + AddIcon /icons/blank.gif ^^BLANKICON^^ + + # + # DefaultIcon is which icon to show for files which do not have an icon + # explicitly set. + # + DefaultIcon /icons/unknown.gif + + # + # AddDescription allows you to place a short description after a file in + # server-generated indexes. These are only displayed for FancyIndexed + # directories. + # Format: AddDescription "description" filename + # + #AddDescription "GZIP compressed document" .gz + #AddDescription "tar archive" .tar + #AddDescription "GZIP compressed tar archive" .tgz + + # + # ReadmeName is the name of the README file the server will look for by + # default, and append to directory listings. + # + # HeaderName is the name of a file which should be prepended to + # directory indexes. + # + # If MultiViews are amongst the Options in effect, the server will + # first look for name.html and include it if found. If name.html + # doesn't exist, the server will then look for name.txt and include + # it as plaintext if found. + # + ReadmeName README + HeaderName HEADER + + # + # IndexIgnore is a set of filenames which directory indexing should ignore + # and not include in the listing. Shell-style wildcarding is permitted. + # + IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + +</IfModule> +# End of indexing directives. + +# +# Document types. +# +<IfModule mod_mime.c> + + # + # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress + # information on the fly. Note: Not all browsers support this. + # Despite the name similarity, the following Add* directives have nothing + # to do with the FancyIndexing customization directives above. + # + AddEncoding x-compress Z + AddEncoding x-gzip gz tgz + + # + # AddLanguage allows you to specify the language of a document. You can + # then use content negotiation to give a browser a file in a language + # it can understand. + # + # Note 1: The suffix does not have to be the same as the language + # keyword --- those with documents in Polish (whose net-standard + # language code is pl) may wish to use "AddLanguage pl .po" to + # avoid the ambiguity with the common suffix for perl scripts. + # + # Note 2: The example entries below illustrate that in quite + # some cases the two character 'Language' abbriviation is not + # identical to the two character 'Country' code for its country, + # E.g. 'Danmark/dk' versus 'Danish/da'. + # + # Note 3: In the case of 'ltz' we violate the RFC by using a three char + # specifier. But there is 'work in progress' to fix this and get + # the reference data for rfc1766 cleaned up. + # + # Danish (da) - Dutch (nl) - English (en) - Estonian (ee) + # French (fr) - German (de) - Greek-Modern (el) + # Italian (it) - Portugese (pt) - Luxembourgeois* (ltz) + # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz) + # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja) + # + AddLanguage da .dk + AddLanguage nl .nl + AddLanguage en .en + AddLanguage et .ee + AddLanguage fr .fr + AddLanguage de .de + AddLanguage el .el + AddLanguage it .it + AddLanguage ja .ja + AddCharset ISO-2022-JP .jis + AddLanguage pl .po + AddCharset ISO-8859-2 .iso-pl + AddLanguage pt .pt + AddLanguage pt-br .pt-br + AddLanguage ltz .lu + AddLanguage ca .ca + AddLanguage es .es + AddLanguage sv .se + AddLanguage cz .cz + + # LanguagePriority allows you to give precedence to some languages + # in case of a tie during content negotiation. + # + # Just list the languages in decreasing order of preference. We have + # more or less alphabetized them here. You probably want to change this. + # + <IfModule mod_negotiation.c> + LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv + </IfModule> + + # + # AddType allows you to tweak mime.types without actually editing it, or to + # make certain files to be certain types. + # + # For example, the PHP 3.x module (not part of the Apache distribution - see + # http://www.php.net) will typically use: + # + #AddType application/x-httpd-php3 .php3 + #AddType application/x-httpd-php3-source .phps + # + # And for PHP 4.x, use: + # + #AddType application/x-httpd-php .php + #AddType application/x-httpd-php-source .phps + + AddType application/x-tar .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers", + # actions unrelated to filetype. These can be either built into the server + # or added with the Action command (see below) + # + # If you want to use server side includes, or CGI outside + # ScriptAliased directories, uncomment the following lines. + # + # To use CGI scripts: + # + #AddHandler cgi-script .cgi + + # + # To use server-parsed HTML files + # + #AddType text/html .shtml + #AddHandler server-parsed .shtml + + # + # Uncomment the following line to enable Apache's send-asis HTTP file + # feature + # + #AddHandler send-as-is asis + + # + # If you wish to use server-parsed imagemap files, use + # + #AddHandler imap-file map + + # + # To enable type maps, you might want to use + # + #AddHandler type-map var + +</IfModule> +# End of document types. + +# +# Action lets you define media types that will execute a script whenever +# a matching file is called. This eliminates the need for repeated URL +# pathnames for oft-used CGI file processors. +# Format: Action media/type /cgi-script/location +# Format: Action handler-name /cgi-script/location +# + +# +# MetaDir: specifies the name of the directory in which Apache can find +# meta information files. These files contain additional HTTP headers +# to include when sending the document +# +#MetaDir .web + +# +# MetaSuffix: specifies the file name suffix for the file containing the +# meta information. +# +#MetaSuffix .meta + +# +# Customizable error response (Apache style) +# these come in three flavors +# +# 1) plain text +#ErrorDocument 500 "The server made a boo boo. +# n.b. the (") marks it as text, it does not get output +# +# 2) local redirects +#ErrorDocument 404 /missing.html +# to redirect to local URL /missing.html +#ErrorDocument 404 /cgi-bin/missing_handler.pl +# N.B.: You can redirect to a script or a document using server-side-includes. +# +# 3) external redirects +#ErrorDocument 402 http://some.other_server.com/subscription_info.html +# N.B.: Many of the environment variables associated with the original +# request will *not* be available to such a script. + +# +# Customize behaviour based on the browser +# +<IfModule mod_setenvif.c> + + # + # The following directives modify normal HTTP response behavior. + # The first directive disables keepalive for Netscape 2.x and browsers that + # spoof it. There are known problems with these browser implementations. + # The second directive is for Microsoft Internet Explorer 4.0b2 + # which has a broken HTTP/1.1 implementation and does not properly + # support keepalive when it is used on 301 or 302 (redirect) responses. + # + BrowserMatch "Mozilla/2" nokeepalive + BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 + + # + # The following directive disables HTTP/1.1 responses to browsers which + # are in violation of the HTTP/1.0 spec by not being able to grok a + # basic 1.1 response. + # + BrowserMatch "RealPlayer 4\.0" force-response-1.0 + BrowserMatch "Java/1\.0" force-response-1.0 + BrowserMatch "JDK/1\.0" force-response-1.0 + +</IfModule> + +# +# Allow server status reports, with the URL of http://servername/server-status +# Change the ".your_domain.com" to match your domain to enable. +# +#<Location /server-status> +# SetHandler server-status +# Order deny,allow +# Deny from all +# Allow from .your_domain.com +#</Location> + +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Change the ".your_domain.com" to match your domain to enable. +# +#<Location /server-info> +# SetHandler server-info +# Order deny,allow +# Deny from all +# Allow from .your_domain.com +#</Location> + +# +# There have been reports of people trying to abuse an old bug from pre-1.1 +# days. This bug involved a CGI script distributed as a part of Apache. +# By uncommenting these lines you can redirect these attacks to a logging +# script on phf.apache.org. Or, you can record them yourself, using the script +# support/phf_abuse_log.cgi. +# +#<Location /cgi-bin/phf*> +# Deny from all +# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi +#</Location> + +# +# Proxy Server directives. Uncomment the following lines to +# enable the proxy server: +# +#<IfModule mod_proxy.c> + #ProxyRequests On + # + #<Directory proxy:*> + # Order deny,allow + # Deny from all + # Allow from .your_domain.com + #</Directory> + + # + # Enable/disable the handling of HTTP/1.1 "Via:" headers. + # ("Full" adds the server version; "Block" removes all outgoing Via: headers) + # Set to one of: Off | On | Full | Block + # + #ProxyVia On + + # + # To enable the cache as well, edit and uncomment the following lines: + # (no cacheing without CacheRoot) + # + #CacheRoot "/var/cache/httpd" + #CacheSize 5 + #CacheGcInterval 4 + #CacheMaxExpire 24 + #CacheLastModifiedFactor 0.1 + #CacheDefaultExpire 1 + #NoCache a_domain.com another_domain.edu joes.garage_sale.com + +#</IfModule> +# End of proxy directives. + +### Section 3: Virtual Hosts +# +# VirtualHost: If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. +# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/> +# for further details before you try to setup virtual hosts. +# You may use the command line option '-S' to verify your virtual host +# configuration. + +# +# If you want to use name-based virtual hosts you need to define at +# least one IP address (and port number) for them. +# +#NameVirtualHost 12.34.56.78:80 +#NameVirtualHost 12.34.56.78 + +# +# VirtualHost example: +# Almost any Apache directive may go into a VirtualHost container. +# +#<VirtualHost ip.address.of.host.some_domain.com> +# ServerAdmin webmaster@host.some_domain.com +# DocumentRoot /www/docs/host.some_domain.com +# ServerName host.some_domain.com +# ErrorLog logs/host.some_domain.com-error_log +# CustomLog logs/host.some_domain.com-access_log common +#</VirtualHost> + +#<VirtualHost _default_:*> +#</VirtualHost> + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +<IfDefine SSL> +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl +</IfDefine> + +<IfModule mod_ssl.c> + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First either `none' +# or `dbm:/path/to/file' for the mechanism to use and +# second the expiring timeout (in seconds). +#SSLSessionCache none +#SSLSessionCache shm:/usr/local/httpd/logs/ssl_scache(512000) +SSLSessionCache dbm:/usr/local/httpd/logs/ssl_scache +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual explusion semaphore the +# SSL engine uses internally for inter-process synchronization. +SSLMutex file:/usr/local/httpd/logs/ssl_mutex + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# Logging: +# The home of the dedicated SSL protocol logfile. Errors are +# additionally duplicated in the general error log file. Put +# this somewhere where it cannot be used for symlink attacks on +# a real server (i.e. somewhere where only root can write). +# Log levels are (ascending order: higher ones include lower ones): +# none, error, warn, info, trace, debug. +SSLLog /usr/local/httpd/logs/ssl_engine_log +SSLLogLevel info + +</IfModule> + +<IfDefine SSL> + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + +# General setup for the virtual host +DocumentRoot "/usr/local/httpd/htdocs" +ServerName linux.bagwan +ServerAdmin webmaster@linux.bagwan +ErrorLog /usr/local/httpd/logs/error_log +TransferLog /usr/local/httpd/logs/access_log + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A test +# certificate can be generated with `make certificate' under +# built time. Keep in mind that if you've both a RSA and a DSA +# certificate you can configure both in parallel (to also allow +# the use of DSA ciphers, etc.) +SSLCertificateFile /etc/httpd/ssl.crt/server.crt +#SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/httpd/ssl.key/server.key +#SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +# Note: Inside SSLCACertificatePath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCACertificatePath /etc/httpd/ssl.crt +#SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt + +# Certificate Revocation Lists (CRL): +# Set the CA revocation path where to find CA CRLs for client +# authentication or alternatively one huge file containing all +# of them (file must be PEM encoded) +# Note: Inside SSLCARevocationPath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCARevocationPath /etc/httpd/ssl.crl +#SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +#<Location /> +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o CompatEnvVars: +# This exports obsolete environment variables for backward compatibility +# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this +# to provide compatibility to existing CGI scripts. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire +<Files ~ "\.(cgi|shtml)$"> + SSLOptions +StdEnvVars +</Files> +<Directory "/usr/local/httpd/cgi-bin"> + SSLOptions +StdEnvVars +</Directory> + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog /usr/local/httpd/logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +</VirtualHost> + +</IfDefine> + +#Include /etc/httpd/tomcat.conf diff --git a/net-www/cocoon/cocoon-1.7-r1.ebuild b/net-www/cocoon/cocoon-1.7-r1.ebuild new file mode 100644 index 000000000000..065922ea95aa --- /dev/null +++ b/net-www/cocoon/cocoon-1.7-r1.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2000 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Author Achim Gottinger <achim@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/net-www/cocoon/cocoon-1.7-r1.ebuild,v 1.1 2000/08/10 01:53:39 achim Exp $ + +P=cocoon-1.7 +A=Cocoon-1.7.tar.gz +S=${WORKDIR}/${P} +CATEGORY="net-www" +DESCRIPTION="A Web Publishing Framework for Apache" +SRC_URI="http://xml.apache.org/cocoon/dist/"${A} +HOMEPAGE="http://xml.apache.org/cocoon/" + +src_unpack() { + unpack ${A} +} + +src_compile() { + CLASSPATH=/opt/java/src.jar:/opt/java/lib/tools.jar + CLASSPATH=${CLASSPATH}:/opt/java/lib/jndi.jar + CLASSPATH=${CLASSPATH}:/opt/java/lib/xt.jar:/opt/java/lib/sax.jar + CLASSPATH=${CLASSPATH}:/opt/java/lib/fesi.jar + export CLASSPATH + export JAVA_HOME=/opt/java + cd ${S} + sh build.sh + cd build/src + jar cf ../classes/cocoon.jar org WEB-INF +} + +src_install() { + cd ${S} + insinto /opt/java/lib + for i in xerces_1_0_1 xalan_0_19_4 fop_0_12_1 + do + doins lib/$i.jar + done + doins build/classes/cocoon.jar + insinto /opt/jakarta/tomcat/conf + doins ${O}/files/cocoon.properties + dodoc README LICENSE + dodir /usr/doc/${P}/html + cp -a docs/* ${D}/usr/doc/${P}/html + find ${D}/usr/doc/${P}/html -type f -exec gzip -9 {} \; +} + + + diff --git a/net-www/cocoon/files/cocoon.properties b/net-www/cocoon/files/cocoon.properties new file mode 100644 index 000000000000..f5221727aafd --- /dev/null +++ b/net-www/cocoon/files/cocoon.properties @@ -0,0 +1,224 @@ +############################################################################## +# Cocoon Configuration file # +############################################################################## + + + +########################################## +# Global Configurations # +########################################## + +# Indicates whether or not Cocoon should be visible if +# the requested URI equals the specified one. +selfservlet.enabled = true +selfservlet.uri = /Cocoon.xml + +# Indicates whether or not Cocoon should handle errors internally +# and format the error and the exception stack trace to the client +# or return the HTTP error code to the web server and let it handle it. +handle.errors.internally = true + + + +########################################## +# XML Parsers # +########################################## + +# Apache Xerces 1.0.1+ (http://xml.apache.com/) +parser = org.apache.cocoon.parser.XercesParser + +# SUN ProjectX TR2 (http://java.sun.com/xml/) +#parser = org.apache.cocoon.parser.SunXMLParser + +# Indicate whether the XML file should be validated or not +# this is turned off by default for faster operation. +parser.validate = false + + +########################################## +# XSLT Transformers # +########################################## + +# Apache Xalan (http://xml.apache.org/) +transformer = org.apache.cocoon.transformer.XalanTransformer + +# James Clark's XT (http://www.jclark.com/) +transformer = org.apache.cocoon.transformer.XTTransformer + + + +########################################## +# XML Producers # +########################################## + +# For example, if you want to produce your XML template reading it from +# the file system, using your producer, you should request the URI: +# http://your.site.com/your_XML_file.xml?producer=file + +# This is the request parameter used to identify the producer in the request: +# (default value is "producer") +producer.parameter = producer + +# The syntax for this is +# producer.type.xxx = full.class.name +# where "xxx" is the producer indentier used in the request +producer.type.file = org.apache.cocoon.producer.ProducerFromFile +producer.type.request = org.apache.cocoon.producer.ProducerFromRequest + +# This is used in the example files +producer.type.dummy = org.apache.cocoon.example.DummyProducer + +# When producer indication is present in the request +# this configuration allows to map those requests to a particular +# producer indicated here with its type. +# NOTE: this type must present in the above map. +producer.default = file + + + + + +########################################## +# XML Processors # +########################################## + +# These are used when the <?cocoon-process type="xxx"?> PI is present. +# If no PI of that type is present, no processing is performed. +# The syntax for this is +# processor.type.xxx = full.class.name + +# XSL Transformations (XSLT) +processor.type.xslt = org.apache.cocoon.processor.xslt.XSLTProcessor + +# SQL Processor +processor.type.sql = org.apache.cocoon.processor.sql.SQLProcessor + +# eXtensible Server Pages Processor (XSP) +processor.type.xsp = org.apache.cocoon.processor.xsp.XSPProcessor + +# sets the repository where the compiled pages are stored. +# NOTE: make sure the directory is readable. This directory is usually +# relative to the web server's or to the servlet engine's. In case you're not +# sure, use an absolute location. +# WARNING: since this repository may contain information you want to remain +# secret, we highly suggest that you protect the repository from untrusted +# access, even read-only. Only Cocoon and the system administrators should +# have access here. +processor.xsp.repository = ./repository + +# Set the libraries associated with the given namespace. +# Use the syntax: +# processor.xsp.library.<namespace-tag>.<language> = URL to file +# where "URL to file" is usually starting with file:// if you locate +# your custom library in your file system. +processor.xsp.library.context.java = resource://org/apache/cocoon/processor/xsp/library/java/context.xsl +processor.xsp.library.cookie.java = resource://org/apache/cocoon/processor/xsp/library/java/cookie.xsl +processor.xsp.library.global.java = resource://org/apache/cocoon/processor/xsp/library/java/global.xsl +processor.xsp.library.request.java = resource://org/apache/cocoon/processor/xsp/library/java/request.xsl +processor.xsp.library.response.java = resource://org/apache/cocoon/processor/xsp/library/java/response.xsl +processor.xsp.library.session.java = resource://org/apache/cocoon/processor/xsp/library/java/session.xsl +processor.xsp.library.util.java = resource://org/apache/cocoon/processor/xsp/library/java/util.xsl + +# LDAP Processor +processor.type.ldap = org.apache.cocoon.processor.ldap.LdapProcessor + + +#### !!!!WARNING!!!! ########### +# The DCP processor should be considered -deprecated- and we highly suggest +# you to convert all of your DCP stuff into XSP pages that, in the future, +# will totally replace DCP. +# +# Dynamic Content Processor (DCP) +processor.type.dcp = org.apache.cocoon.processor.dcp.DCPProcessor +# +################################ + + +########################################## +# XML Formatters # +########################################## + +# These are used when the <?cocoon-format type="xxx/yyy"?> PI is present +# The syntax for this is +# formatter.type.xxx/yyy = full.class.name + +formatter.type.text/xml = org.apache.cocoon.formatter.XMLFormatter +formatter.type.text/wml = org.apache.cocoon.formatter.WMLFormatter +formatter.type.text/html = org.apache.cocoon.formatter.HTMLFormatter +formatter.type.text/plain = org.apache.cocoon.formatter.TextFormatter +formatter.type.text/xslfo = org.apache.cocoon.formatter.FO2PDFFormatter +formatter.type.model/vrml = org.apache.cocoon.formatter.VRMLFormatter + +# This is used when no <?cocoon?> PI is present to indicate +# which MIME type to associate to the document. +# NOTE: this type must present in the above map. +formatter.default = text/html + +# Specifies the text stream format. (meaningful for text formatters only) +# Supported styles are +# - normal +# - compact +formatter.style = normal + + + + +########################################## +# Cache Managers # +########################################## + +# the default cache +cache = org.apache.cocoon.cache.CocoonCache + +# disable page caching +#cache = org.apache.cocoon.cache.NoCache + + + + +########################################## +# Object Storage Systems # +########################################## + +# the default object storage +store = org.apache.cocoon.store.MemoryStore + + + + + +########################################## +# Language Interpreters # +########################################## + +# These are used by the DCP Processor +interpreter.type.java = org.apache.cocoon.interpreter.java.JavaInterpreter +#interpreter.type.ecmascript = org.apache.cocoon.interpreter.ecmascript.EcmaScriptInterpreter +#interpreter.type.javascript = org.apache.cocoon.interpreter.ecmascript.EcmaScriptInterpreter + +# Indicates the default language if not specified in the DCP PIs +interpreter.default = java + +# NOTE: see the DCP user guide for instructions on using ecmascript and the +# packages required for this operation. + + +########################################## +# User Agents (Browsers) # +########################################## + +# NOTE: numbers indicate the search order. This is very important since +# some words may be found in more than one browser description. (MSIE is +# presented as "Mozilla/4.0 (Compatible; MSIE 4.01; ...") +# +# for example, the "explorer=MSIE" tag indicates that the XSL stylesheet +# associated to the media type "explorer" should be mapped to those browsers +# that have the string "MSIE" in their "user-Agent" HTTP header. + +browser.0 = explorer=MSIE +browser.1 = opera=Opera +browser.2 = lynx=Lynx +browser.3 = java=Java +browser.4 = wap=Nokia-WAP-Toolkit +browser.5 = wap=UP +browser.6 = netscape=Mozilla diff --git a/net-www/cocoon/files/digest b/net-www/cocoon/files/digest new file mode 100644 index 000000000000..463bc897e2fd --- /dev/null +++ b/net-www/cocoon/files/digest @@ -0,0 +1 @@ +MD5 7366954b876bae860bafa53c309f628d Cocoon-1.7.tar.gz diff --git a/net-www/jakarta/files/digest b/net-www/jakarta/files/digest new file mode 100644 index 000000000000..9b6569885211 --- /dev/null +++ b/net-www/jakarta/files/digest @@ -0,0 +1,2 @@ +MD5 32025cd19b28c416532eb17e7cda1218 jakarta-tomcat.tar.gz +MD5 f3c6f2df40562b36eed067a8b6580526 jakarta-ant.tar.gz diff --git a/net-www/jakarta/files/jakarta b/net-www/jakarta/files/jakarta new file mode 100755 index 000000000000..b8db423e01f4 --- /dev/null +++ b/net-www/jakarta/files/jakarta @@ -0,0 +1,101 @@ +#!/bin/sh +#RCUPDATE:3 4:75: +# $Id: jakarta,v 1.1 2000/08/10 01:53:39 achim Exp $ + +. /etc/rc.d/config/functions + +# Shell script to start and stop the server +opts="start stop restart" + +# There are other, simpler commands to startup the runner. The two +# commented commands good replacements. The first works well with +# Java Platform 1.1 based runtimes. The second works well with +# Java2 Platform based runtimes. + +JAVA_HOME=/opt/java +TOMCAT_HOME=/opt/jakarta/tomcat + +if [ "$TOMCAT_OPTS" = "" ] ; then + TOMCAT_OPTS="" +fi + +if [ "$ANT_OPTS" = "" ] ; then + ANT_OPTS="" +fi + +if [ "$JSPC_OPTS" = "" ] ; then + JSPC_OPTS="" +fi + +if [ -z "$JAVA_HOME" ] ; then + JAVA=`which java` + if [ -z "$JAVA" ] ; then + echo "Cannot find JAVA. Please set your PATH." + exit 1 + fi + JAVA_BINDIR=`dirname $JAVA` + JAVA_HOME=$JAVA_BINDIR/.. +fi + +if [ "$JAVACMD" = "" ] ; then + # it may be defined in env - including flags!! + JAVACMD=$JAVA_HOME/bin/java +fi + + +oldCP=$CLASSPATH + +CLASSPATH=. + + +for i in ${TOMCAT_HOME}/lib/* ; do + CLASSPATH=${CLASSPATH}:$i +done + +if [ -f /opt/java/lib/tomcat.jar ]; then + CLASSPATH=/opt/java/lib/tomcat.jar:${CLASSPATH} +fi + +# Add support for Cocoon if available + +if [ -d /opt/jakarta/tomcat/conf/cocoon.properties ]; then + CLASSPATH=/opt/java/lib/cocoon.jar:${CLASSPATH} + CLASSPATH=/opt/java/lib/fop_0_12_1.jar:${CLASSPATH} + CLASSPATH=/opt/java/lib/xalan_0_19_4.jar:${CLASSPATH} + CLASSPATH=/opt/java/lib/xerces_1_0_1.jar:${CLASSPATH} + CLASSPATH=${CLASSPATH}:/opt/java/jndi.jar +fi + +#if [ "$oldCP" != "" ]; then +# CLASSPATH=${CLASSPATH}:${oldCP} +#fi +for i in /opt/java/lib/*.jar ; do + CLASSPATH=${CLASSPATH}:$i +done + +CLASSPATH=${CLASSPATH}:/opt/java/src.jar:/opt/java/lib + +export CLASSPATH + +# We start the server up in the background for a couple of reasons: +# 1) It frees up your command window +# 2) You should use `stop` option instead of ^C to bring down the server +OP="$TOMCAT_OPTS -Dtomcat.home=${TOMCAT_HOME} org.apache.tomcat.startup.Tomcat" +start () { + ebegin "Starting Jakarta Servlet Engine..." + $JAVACMD $OP & + eend $? "Error starting Jakarta Servler Engine!" +} +stop () { + ebegin "Stopping Jakarta Servlet Engine..." + $JAVACMD $OP -stop + eend $? "Error stopping Jakarta Servler Engine!" +} +restart () { + stop + start +} + +doservice ${@} + + diff --git a/net-www/jakarta/files/tomcat.conf b/net-www/jakarta/files/tomcat.conf new file mode 100644 index 000000000000..d8f6645fb1d2 --- /dev/null +++ b/net-www/jakarta/files/tomcat.conf @@ -0,0 +1,50 @@ +############################################################################### +# Apache JServ Configuration File # +############################################################################### + +# Note: this file should be appended or included into your httpd.conf + +# Tell Apache on win32 to load the Apache JServ communication module +# LoadModule jserv_module modules/ApacheModuleJServ.dll + +# Tell Apache on Unix to load the Apache JServ communication module +# For shared object builds only!!! +# @LOAD_OR_NOT@LoadModule jserv_module @LIBEXECDIR@/mod_jserv.so +LoadModule jserv_module libexec/mod_jserv.so + +<IfModule mod_jserv.c> +# Do not edit! +ApJServManual on +ApJServDefaultProtocol ajpv12 +ApJServSecretKey DISABLED +ApJServMountCopy on +ApJServLogLevel notice + + +### Change if you run tomcat on a different host +#ApJServDefaultHost localhost +ApJServDefaultPort 8007 + + +#################### All jsp files will go to tomcat #################### +ApJServMount default /root + +AddType text/jsp .jsp +AddHandler jserv-servlet .jsp + +############################## Context mapping - all requests go to tomcat + +ApJServMount /examples /root + +############################## Context mapping - you need to "deploy" +# ( copy or ln -s ) the context into htdocs +## + +# ApJservMount /CONTEXT/servlet /root +# <Location /CONTEXT/WEB-INF/ > +# AllowOverride None +# deny from all +# </Location> + + +</IfModule> diff --git a/net-www/jakarta/files/web.xml b/net-www/jakarta/files/web.xml new file mode 100644 index 000000000000..03fee6ca5da8 --- /dev/null +++ b/net-www/jakarta/files/web.xml @@ -0,0 +1,775 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> + +<!DOCTYPE web-app + PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" + "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd"> + +<web-app> + <servlet> + <servlet-name> + default + </servlet-name> + <servlet-class> + org.apache.tomcat.servlets.DefaultServlet + </servlet-class> + <load-on-startup> + -2147483646 + </load-on-startup> + </servlet> + <servlet> + <servlet-name> + invoker + </servlet-name> +<!-- + org.apache.tomcat.servlets.NoInvokerServlet +--> + <servlet-class> + org.apache.tomcat.servlets.InvokerServlet + </servlet-class> + </servlet> + <servlet> + <servlet-name> + jsp + </servlet-name> + <servlet-class> + org.apache.jasper.runtime.JspServlet + </servlet-class> + +<!-- uncomment the following to use Jikes for JSP compilation + + <init-param> + <param-name>jspCompilerPlugin</param-name> + <param-value>org.apache.jasper.compiler.JikesJavaCompiler</param-value> + </init-param> + +--> + + <load-on-startup> + -2147483646 + </load-on-startup> + </servlet> + +<!-- uncoomet the following to use Cocoon + <servlet> + <servlet-name> + org.apache.cocoon.Cocoon + </servlet-name> + <servlet-class> + org.apache.cocoon.Cocoon + </servlet-class> + <init-param> + <param-name> + properties + </param-name> + <param-value> + /opt/jakarta/tomcat/conf/cocoon.properties + </param-value> + </init-param> + </servlet> + <servlet-mapping> + <servlet-name> + org.apache.cocoon.Cocoon + </servlet-name> + <url-pattern> + *.xml + </url-pattern> + </servlet-mapping> + +--> + <servlet-mapping> + <servlet-name> + invoker + </servlet-name> + <url-pattern> + /servlet/* + </url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name> + jsp + </servlet-name> + <url-pattern> + *.jsp + </url-pattern> + </servlet-mapping> + <session-config> + <session-timeout> + 30 + </session-timeout> + </session-config> + <mime-mapping> + <extension> + txt + </extension> + <mime-type> + text/plain + </mime-type> + </mime-mapping> + <mime-mapping> + <extension> + html + </extension> + <mime-type> + text/html + </mime-type> + </mime-mapping> + <mime-mapping> + <extension> + htm + </extension> + <mime-type> + text/html + </mime-type> + </mime-mapping> + <mime-mapping> + <extension> + gif + </extension> + <mime-type> + image/gif + </mime-type> + </mime-mapping> + <mime-mapping> + <extension> + jpg + </extension> + <mime-type> + image/jpeg + </mime-type> + </mime-mapping> + <mime-mapping> + <extension> + jpe + </extension> + <mime-type> + image/jpeg + </mime-type> + </mime-mapping> + <mime-mapping> + <extension> + jpeg + </extension> + <mime-type> + image/jpeg + </mime-type> + </mime-mapping> + <mime-mapping> + <extension> + java + </extension> + <mime-type>
+ text/plain
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ body
+ </extension>
+ <mime-type>
+ text/html
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ rtx
+ </extension>
+ <mime-type>
+ text/richtext
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ tsv
+ </extension>
+ <mime-type>
+ text/tab-separated-values
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ etx
+ </extension>
+ <mime-type>
+ text/x-setext
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ ps
+ </extension>
+ <mime-type>
+ application/x-postscript
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ class
+ </extension>
+ <mime-type>
+ application/java
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ csh
+ </extension>
+ <mime-type>
+ application/x-csh
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ sh
+ </extension>
+ <mime-type>
+ application/x-sh
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ tcl
+ </extension>
+ <mime-type>
+ application/x-tcl
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ tex
+ </extension>
+ <mime-type>
+ application/x-tex
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ texinfo
+ </extension>
+ <mime-type>
+ application/x-texinfo
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ texi
+ </extension>
+ <mime-type>
+ application/x-texinfo
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ t
+ </extension>
+ <mime-type>
+ application/x-troff
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ tr
+ </extension>
+ <mime-type>
+ application/x-troff
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ roff
+ </extension>
+ <mime-type>
+ application/x-troff
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ man
+ </extension>
+ <mime-type>
+ application/x-troff-man
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ me
+ </extension>
+ <mime-type>
+ application/x-troff-me
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ ms
+ </extension>
+ <mime-type>
+ application/x-wais-source
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ src
+ </extension>
+ <mime-type>
+ application/x-wais-source
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ zip
+ </extension>
+ <mime-type>
+ application/zip
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ bcpio
+ </extension>
+ <mime-type>
+ application/x-bcpio
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ cpio
+ </extension>
+ <mime-type>
+ application/x-cpio
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ gtar
+ </extension>
+ <mime-type>
+ application/x-gtar
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ shar
+ </extension>
+ <mime-type>
+ application/x-shar
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ sv4cpio
+ </extension>
+ <mime-type>
+ application/x-sv4cpio
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ sv4crc
+ </extension>
+ <mime-type>
+ application/x-sv4crc
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ tar
+ </extension>
+ <mime-type>
+ application/x-tar
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ ustar
+ </extension>
+ <mime-type>
+ application/x-ustar
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ dvi
+ </extension>
+ <mime-type>
+ application/x-dvi
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ hdf
+ </extension>
+ <mime-type>
+ application/x-hdf
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ latex
+ </extension>
+ <mime-type>
+ application/x-latex
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ bin
+ </extension>
+ <mime-type>
+ application/octet-stream
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ oda
+ </extension>
+ <mime-type>
+ application/oda
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ pdf
+ </extension>
+ <mime-type>
+ application/pdf
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ ps
+ </extension>
+ <mime-type>
+ application/postscript
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ eps
+ </extension>
+ <mime-type>
+ application/postscript
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ ai
+ </extension>
+ <mime-type>
+ application/postscript
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ rtf
+ </extension>
+ <mime-type>
+ application/rtf
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ nc
+ </extension>
+ <mime-type>
+ application/x-netcdf
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ cdf
+ </extension>
+ <mime-type>
+ application/x-netcdf
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ cer
+ </extension>
+ <mime-type>
+ application/x-x509-ca-cert
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ exe
+ </extension>
+ <mime-type>
+ application/octet-stream
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ gz
+ </extension>
+ <mime-type>
+ application/x-gzip
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ Z
+ </extension>
+ <mime-type>
+ application/x-compress
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ z
+ </extension>
+ <mime-type>
+ application/x-compress
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ hqx
+ </extension>
+ <mime-type>
+ application/mac-binhex40
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ mif
+ </extension>
+ <mime-type>
+ application/x-mif
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ ief
+ </extension>
+ <mime-type>
+ image/ief
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ tiff
+ </extension>
+ <mime-type>
+ image/tiff
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ tif
+ </extension>
+ <mime-type>
+ image/tiff
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ ras
+ </extension>
+ <mime-type>
+ image/x-cmu-raster
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ pnm
+ </extension>
+ <mime-type>
+ image/x-portable-anymap
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ pbm
+ </extension>
+ <mime-type>
+ image/x-portable-bitmap
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ pgm
+ </extension>
+ <mime-type>
+ image/x-portable-graymap
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ ppm
+ </extension>
+ <mime-type>
+ image/x-portable-pixmap
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ rgb
+ </extension>
+ <mime-type>
+ image/x-rgb
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ xbm
+ </extension>
+ <mime-type>
+ image/x-xbitmap
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ xpm
+ </extension>
+ <mime-type>
+ image/x-xpixmap
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ xwd
+ </extension>
+ <mime-type>
+ image/x-xwindowdump
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ au
+ </extension>
+ <mime-type>
+ audio/basic
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ snd
+ </extension>
+ <mime-type>
+ audio/basic
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ aif
+ </extension>
+ <mime-type>
+ audio/x-aiff
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ aiff
+ </extension>
+ <mime-type>
+ audio/x-aiff
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ aifc
+ </extension>
+ <mime-type>
+ audio/x-aiff
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ wav
+ </extension>
+ <mime-type>
+ audio/x-wav
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ mpeg
+ </extension>
+ <mime-type>
+ video/mpeg
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ mpg
+ </extension>
+ <mime-type>
+ video/mpeg
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ mpe
+ </extension>
+ <mime-type>
+ video/mpeg
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ qt
+ </extension>
+ <mime-type>
+ video/quicktime
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ mov
+ </extension>
+ <mime-type>
+ video/quicktime
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ avi
+ </extension>
+ <mime-type>
+ video/x-msvideo
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ movie
+ </extension>
+ <mime-type>
+ video/x-sgi-movie
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ avx
+ </extension>
+ <mime-type>
+ video/x-rad-screenplay
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ wrl
+ </extension>
+ <mime-type>
+ x-world/x-vrml
+ </mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>
+ mpv2
+ </extension>
+ <mime-type>
+ video/mpeg2
+ </mime-type>
+ </mime-mapping>
+ <welcome-file-list>
+ <welcome-file>
+ index.jsp
+ </welcome-file>
+ <welcome-file>
+ index.html
+ </welcome-file>
+ <welcome-file>
+ index.htm
+ </welcome-file>
+ </welcome-file-list>
+</web-app>
diff --git a/net-www/jakarta/jakarta-3.1-r1.ebuild b/net-www/jakarta/jakarta-3.1-r1.ebuild new file mode 100644 index 000000000000..ac3fcda91171 --- /dev/null +++ b/net-www/jakarta/jakarta-3.1-r1.ebuild @@ -0,0 +1,80 @@ +# Copyright 1999-2000 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Author Achim Gottinger <achim@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/net-www/jakarta/jakarta-3.1-r1.ebuild,v 1.1 2000/08/10 01:53:39 achim Exp $ + +P=jakarta-3.1 +A="jakarta-tomcat.tar.gz jakarta-ant.tar.gz" +S=${WORKDIR} +CATEGORY="net-www" +DESCRIPTION="Apache Servlet Engine" +SRC_URI="http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-tomcat.tar.gz + http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-ant.tar.gz" +HOMEPAGE="http://jakarta.apache.org" + +src_unpack() { + unpack ${A} +} + +src_compile() { + export CLASSPATH=/opt/java/src.jar:/opt/java/lib/tools.jar + + echo "Building ant..." + cd ${S}/jakarta-ant + ./bootstrap.sh + echo "Building tomcat..." + cd ${S}/jakarta-tomcat + ./build.sh + cd src/native/apache/jserv + apxs -c mod_jserv.c jserv*.c + cd ${S}/build/tomcat/classes + jar -cf tomcat.jar javax org + rm -rf javax + rm -rf org +} + +src_install() { + dodir /opt/jakarta + cp -a ${S}/build/tomcat ${D}/opt/jakarta + insinto /opt/java/lib + doins ${S}/build/tomcat/classes/tomcat.jar + rm -rf ${D}/opt/jakarta/tomcat/classes + rm ${D}/opt/jakrta/tomcat/bin/*.bat + insinto /usr/lib/apache + doins ${S}/jakarta-tomcat/src/native/apache/jserv/mod_jserv.so + insinto /etc/httpd + doins ${O}/files/tomcat.conf + insinto /etc/rc.d/init.d + doins ${O}/files/jakarta + insinto /opt/jakarta/tomcat/conf + doins ${O}/files/web.xml + + cd ${S}/jakarta-tomcat + dodoc BUGS LICENSE README RELEASE-* TODO etc/*.txt src/doc/faq src/doc/readme + docinto html + dodoc *.html etc/*.html + docinto html/guide + dodoc src/doc/uguide/*.html + dodoc src/doc/uguide/*.css + docinto html/guide/images + dodoc src/doc/uguide/images/*.gif + + + +} + +pkg_config() { + + source ${ROOT}/etc/rc.d/config/functions + einfo "Activating mod_jserv in httpd.conf..." + cp ${ROOT}/etc/httpd/httpd.conf ${ROOT}/etc/httpd/httpd.conf.orig + sed -e "s:^#LoadModule jserv_module:LoadModule jserv_module:" \ + -e "s:^#AddModule mod_jserv\.c:AddModule mod_jserv\.c:" \ + -e "s:^#Include /etc/httpd/tomcat\.conf:Include /etc/httpd/tomcat\.conf:" \ + ${ROOT}/etc/httpd/httpd.conf.orig > ${ROOT}/etc/httpd/httpd.conf + einfo "Activating Servlet Engine..." + ${ROOT}/usr/sbin/rc-update add jakarta +} + + + diff --git a/net-www/lynx/files/digest b/net-www/lynx/files/digest new file mode 100644 index 000000000000..8a61c8f3ff48 --- /dev/null +++ b/net-www/lynx/files/digest @@ -0,0 +1,2 @@ +MD5 fb0dda3883fe2f0d016632019dd09adf lynx-2.8.3.tar.gz +MD5 c48607b33f493284ba60c8a431a13b03 lynx-283-ssl.patch.gz diff --git a/net-www/lynx/files/fr.po.gz b/net-www/lynx/files/fr.po.gz Binary files differnew file mode 100644 index 000000000000..e7ef63af1346 --- /dev/null +++ b/net-www/lynx/files/fr.po.gz diff --git a/net-www/lynx/lynx-2.8.3-r1.ebuild b/net-www/lynx/lynx-2.8.3-r1.ebuild new file mode 100644 index 000000000000..9a743980044f --- /dev/null +++ b/net-www/lynx/lynx-2.8.3-r1.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2000 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Author Achim Gottinger <achim@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/net-www/lynx/lynx-2.8.3-r1.ebuild,v 1.1 2000/08/10 01:53:39 achim Exp $ + +# NOW HAS SSLeay Support (so it will use the SSLeay library if found to +# do SSL connections :) + +P=lynx-2.8.3 +A="lynx-2.8.3.tar.gz lynx-283-ssl.patch.gz" +S=${WORKDIR}/lynx-2.8.3.rel1 +CATEGORY="net-www" +SRC_URI="ftp://lynx.isc.org/lynx-2.8.3/lynx-2.8.3.tar.gz + http://www.moxienet.com/lynx/lynx-283-ssl.patch.gz" + +HOMEPAGE="http://lynx.browser.org/" + +DESCRIPTION="An excellent console-based web browser" + +src_compile() { + export CFLAGS="${CFLAGS} -I/usr/include/openssl" + ./configure --prefix=/usr --enable-cgi-links \ + --enable-nsl-fork --libdir=/etc/lynx --enable-file-upload \ + --enable-libjs --enable-color-style --enable-scrollbar \ + --enable-nls --with-catgets --enable-included-msgs --with-zlib \ + --with-x + make +} + +src_unpack() { + unpack lynx-2.8.3.tar.gz + cd ${S} + gzip -dc ${DISTDIR}/lynx-283-ssl.patch.gz | patch -p1 + zcat ${O}/files/fr.po.gz > ${S}/po/fr.po +} + +src_install() { + cd ${S} + into / + dodir /usr/bin + dodir /usr/share + dodir /etc/lynx + make prefix=${D}/usr datadir=${D}/usr/share libdir=${D}/etc/lynx install + prepman + + dodoc CHANGES COPYHEADER COPYING INSTALLATION PROBLEMS README + docinto docs + dodoc docs/* + docinto lynx_help + dodoc lynx_help/*.txt + docinto html + dodoc lynx_help/*.html + docinto html/keystrokes + dodoc lynx_help/keystrokes/*.html +} + + + + + diff --git a/net-www/netscape/files/digest b/net-www/netscape/files/digest new file mode 100644 index 000000000000..0c7d1f83e210 --- /dev/null +++ b/net-www/netscape/files/digest @@ -0,0 +1 @@ +MD5 e5434d67a50f1328a21825033055584c communicator-v473-export.x86-unknown-linuxglibc2.0.tar.gz diff --git a/net-www/netscape/files/netscape b/net-www/netscape/files/netscape new file mode 100644 index 000000000000..291dc4dee6e7 --- /dev/null +++ b/net-www/netscape/files/netscape @@ -0,0 +1,8 @@ +#!/bin/sh + +export MOZILLA_HOME=/opt/netscape + +if [ -f $MOZILLA_HOME/netscape ] +then + $MOZILLA_HOME/netscape $@ +fi diff --git a/net-www/netscape/netscape-4.73-r1.ebuild b/net-www/netscape/netscape-4.73-r1.ebuild new file mode 100644 index 000000000000..37291475bebf --- /dev/null +++ b/net-www/netscape/netscape-4.73-r1.ebuild @@ -0,0 +1,32 @@ +# Copyright 1999-2000 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Author Achim Gottinger <achim@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/net-www/netscape/netscape-4.73-r1.ebuild,v 1.1 2000/08/10 01:53:39 achim Exp $ + +P=netscape-4.73 +A=communicator-v473-export.x86-unknown-linuxglibc2.0.tar.gz +S=${WORKDIR}/communicator-v473.x86-unknown-linux2.0 +CATEGORY="net-www" +DESCRIPTION="Netscape Communicator 4.73" +SRC_URI="ftp://ftp.netscape.com/pub/communicator/english/4.73/unix/supported/linux20_glibc2/complete_install/"${A} +HOMEPAGE="http://developer.netscape.com/support/index.html" + +src_install() { + cd ${S} + dodir /opt/netscape + dodir /opt/netscape/java/classes + dodir /usr/X11R6/bin + dodoc README.install + cd ${D}/opt/netscape + gzip -dc ${S}/netscape-v473.nif | tar xf - + gzip -dc ${S}/nethelp-v473.nif | tar xf - + gzip -dc ${S}/spellchk-v473.nif | tar xf - + cp ${S}/*.jar ${D}/opt/netscape/java/classes + cp ${O}/files/netscape ${D}/usr/X11R6/bin/netscape + rm ${D}/opt/netscape/netscape-dynMotif + rm ${D}/opt/netscape/libnullplugin-dynMotif.so + +} + + + diff --git a/net-www/squid/files/digest b/net-www/squid/files/digest new file mode 100644 index 000000000000..9b5fa11e06e5 --- /dev/null +++ b/net-www/squid/files/digest @@ -0,0 +1 @@ +MD5 c38c083f44c222a8d026fa129c30b98f squid-2.3.STABLE4-src.tar.gz diff --git a/net-www/squid/files/squid b/net-www/squid/files/squid new file mode 100755 index 000000000000..50a1d440d407 --- /dev/null +++ b/net-www/squid/files/squid @@ -0,0 +1,36 @@ +#!/bin/sh +#RCUPDATE:2 3 4:75:This line is required for script management + +source /etc/rc.d/config/functions + +SERVICE=squid +opts="start stop restart" + +PIDFILE=/var/run/squid.pid +EXE=/usr/bin/squid + +start() { + if [ ! -d /var/cache/squid/00 ] + then + $EXE -z + fi + ebegin "Starting $SERVICE..." + start-stop-daemon --start --quiet --exec $EXE -- -sYD + eend $? "Started $SERVICE." "Error Starting $SERVICE." +} + +stop() { + ebegin "Stopping $SERVICE..." + start-stop-daemon --stop --quiet --exec $EXE + eend $? "Stopped $SERVICE." "Error Stopping $SERVICE." +} + +restart() { + + stop + start +} + +doservice ${@} + + diff --git a/net-www/squid/files/squid.conf b/net-www/squid/files/squid.conf new file mode 100644 index 000000000000..38ff46655901 --- /dev/null +++ b/net-www/squid/files/squid.conf @@ -0,0 +1,2167 @@ + +# WELCOME TO SQUID 2 +# ------------------ +# +# This is the default Squid configuration file. You may wish +# to look at the Squid home page (http://squid.nlanr.net/) +# for the FAQ and other documentation. +# +# The default Squid config file shows what the defaults for +# various options happen to be. If you don't need to change the +# default, you shouldn't uncomment the line. Doing so may cause +# run-time problems. In some cases "none" refers to no default +# setting at all, while in other cases it refers to a valid +# option - the comments for that keyword indicate if this is the +# case. +# + + +# NETWORK OPTIONS +# ----------------------------------------------------------------------------- + +# TAG: http_port +# Usage: port +# hostname:port +# 1.2.3.4:port +# +# The socket addresses where Squid will listen for HTTP client +# requests. You may specify multiple socket addresses. +# There are three forms: port alone, hostname with port, and +# IP address with port. If you specify a hostname or IP +# address, then Squid binds the socket to that specific +# address. This replaces the old 'tcp_incoming_address' +# option. Most likely, you do not need to bind to a specific +# address, so you can use the port number alone. +# +# The default port number is 3128. +# +# If you are running Squid in accelerator mode, then you +# probably want to listen on port 80 also, or instead. +# +# The -a command line option will override the *first* port +# number listed here. That option will NOT override an IP +# address, however. +# +# You may specify multiple socket addresses on multiple lines. +# +#http_port 3128 + +# TAG: icp_port +# The port number where Squid sends and receives ICP queries to +# and from neighbor caches. Default is 3130. To disable use +# "0". May be overridden with -u on the command line. +# +#icp_port 3130 + +# TAG: htcp_port +# The port number where Squid sends and receives HTCP queries to +# and from neighbor caches. Default is 4827. To disable use +# "0". +# +# To enable this option, you must use --enable-htcp with the +# configure script. +#htcp_port 4827 + +# TAG: mcast_groups +# This tag specifies a list of multicast groups which your server +# should join to receive multicasted ICP queries. +# +# NOTE! Be very careful what you put here! Be sure you +# understand the difference between an ICP _query_ and an ICP +# _reply_. This option is to be set only if you want to RECEIVE +# multicast queries. Do NOT set this option to SEND multicast +# ICP (use cache_peer for that). ICP replies are always sent via +# unicast, so this option does not affect whether or not you will +# receive replies from multicast group members. +# +# You must be very careful to NOT use a multicast address which +# is already in use by another group of caches. +# +# If you are unsure about multicast, please read the Multicast +# chapter in the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/). +# +# Usage: mcast_groups 239.128.16.128 224.0.1.20 +# +# By default, Squid doesn't listen on any multicast groups. +# +#mcast_groups 239.128.16.128 + +# TAG: tcp_outgoing_address +# TAG: udp_incoming_address +# TAG: udp_outgoing_address +# Usage: tcp_incoming_address 10.20.30.40 +# udp_outgoing_address fully.qualified.domain.name +# +# tcp_outgoing_address is used for connections made to remote +# servers and other caches. +# udp_incoming_address is used for the ICP socket receiving packets +# from other caches. +# udp_outgoing_address is used for ICP packets sent out to other +# caches. +# +# The default behavior is to not bind to any specific address. +# +# NOTE, udp_incoming_address and udp_outgoing_address can not +# have the same value (unless it is 0.0.0.0) since they both use +# port 3130. +# +# NOTE, tcp_incoming_address has been removed. You can now +# specify IP addresses on the 'http_port' line. +# +#tcp_outgoing_address 0.0.0.0 +#udp_incoming_address 0.0.0.0 +#udp_outgoing_address 0.0.0.0 + + +# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM +# ----------------------------------------------------------------------------- + +# TAG: cache_peer +# To specify other caches in a hierarchy, use the format: +# +# hostname type http_port icp_port +# +# For example, +# +# # proxy icp +# # hostname type port port options +# # -------------------- -------- ----- ----- ----------- +# cache_peer parent.foo.net parent 3128 3130 [proxy-only] +# cache_peer sib1.foo.net sibling 3128 3130 [proxy-only] +# cache_peer sib2.foo.net sibling 3128 3130 [proxy-only] +# +# type: either 'parent', 'sibling', or 'multicast'. +# +# proxy_port: The port number where the cache listens for proxy +# requests. +# +# icp_port: Used for querying neighbor caches about +# objects. To have a non-ICP neighbor +# specify '7' for the ICP port and make sure the +# neighbor machine has the UDP echo port +# enabled in its /etc/inetd.conf file. +# +# options: proxy-only +# weight=n +# ttl=n +# no-query +# default +# round-robin +# multicast-responder +# closest-only +# no-digest +# no-netdb-exchange +# no-delay +# login=user:password +# connect-timeout=nn +# digest-url=url +# +# use 'proxy-only' to specify that objects fetched +# from this cache should not be saved locally. +# +# use 'weight=n' to specify a weighted parent. +# The weight must be an integer. The default weight +# is 1, larger weights are favored more. +# +# use 'ttl=n' to specify a IP multicast TTL to use +# when sending an ICP queries to this address. +# Only useful when sending to a multicast group. +# Because we don't accept ICP replies from random +# hosts, you must configure other group members as +# peers with the 'multicast-responder' option below. +# +# use 'no-query' to NOT send ICP queries to this +# neighbor. +# +# use 'default' if this is a parent cache which can +# be used as a "last-resort." You should probably +# only use 'default' in situations where you cannot +# use ICP with your parent cache(s). +# +# use 'round-robin' to define a set of parents which +# should be used in a round-robin fashion in the +# absence of any ICP queries. +# +# 'multicast-responder' indicates that the named peer +# is a member of a multicast group. ICP queries will +# not be sent directly to the peer, but ICP replies +# will be accepted from it. +# +# 'closest-only' indicates that, for ICP_OP_MISS +# replies, we'll only forward CLOSEST_PARENT_MISSes +# and never FIRST_PARENT_MISSes. +# +# use 'no-digest' to NOT request cache digests from +# this neighbor. +# +# 'no-netdb-exchange' disables requesting ICMP +# RTT database (NetDB) from the neighbor. +# +# use 'no-delay' to prevent access to this neighbor +# from influencing the delay pools. +# +# use 'login=user:password' if this is a personal/workgroup +# proxy and your parent requires proxy authentication. +# +# use 'connect-timeout=nn' to specify a peer +# specific connect timeout (also see the +# peer_connect_timeout directive) +# +# use 'digest-url=url' to tell Squid to fetch the cache +# digest (if digests are enabled) for this host from +# the specified URL rather than the Squid default +# location. +# +# NOTE: non-ICP neighbors must be specified as 'parent'. +# +#cache_peer hostname type 3128 3130 + +# TAG: cache_peer_domain +# Use to limit the domains for which a neighbor cache will be +# queried. Usage: +# +# cache_peer_domain cache-host domain [domain ...] +# cache_peer_domain cache-host !domain +# +# For example, specifying +# +# cache_peer_domain parent.foo.net .edu +# +# has the effect such that UDP query packets are sent to +# 'bigserver' only when the requested object exists on a +# server in the .edu domain. Prefixing the domainname +# with '!' means that the cache will be queried for objects +# NOT in that domain. +# +# NOTE: * Any number of domains may be given for a cache-host, +# either on the same or separate lines. +# * When multiple domains are given for a particular +# cache-host, the first matched domain is applied. +# * Cache hosts with no domain restrictions are queried +# for all requests. +# * There are no defaults. +# * There is also a 'cache_peer_access' tag in the ACL +# section. + +# TAG: neighbor_type_domain +# usage: neighbor_type_domain parent|sibling domain domain ... +# +# Modifying the neighbor type for specific domains is now +# possible. You can treat some domains differently than the the +# default neighbor type specified on the 'cache_peer' line. +# Normally it should only be necessary to list domains which +# should be treated differently because the default neighbor type +# applies for hostnames which do not match domains listed here. +# +#EXAMPLE: +# cache_peer parent cache.foo.org 3128 3130 +# neighbor_type_domain cache.foo.org sibling .com .net +# neighbor_type_domain cache.foo.org sibling .au .de + +# TAG: icp_query_timeout (msec) +# Normally Squid will automatically determine an optimal ICP +# query timeout value based on the round-trip-time of recent ICP +# queries. If you want to override the value determined by +# Squid, set this 'icp_query_timeout' to a non-zero value. This +# value is specified in MILLISECONDS, so, to use a 2-second +# timeout (the old default), you would write: +# +# icp_query_timeout 2000 +# +#icp_query_timeout 0 + +# TAG: maximum_icp_query_timeout (msec) +# Normally the ICP query timeout is determined dynamically. But +# sometimes it can lead to very large values (say 5 seconds). +# Use this option to put an upper limit on the dynamic timeout +# value. Do NOT use this option to always use a fixed (instead +# of a dynamic) timeout value. +# +# If 'icp_query_timeout' is set to zero, then this value is +# ignored. +#maximum_icp_query_timeout 2000 + +# TAG: mcast_icp_query_timeout (msec) +# For Multicast peers, Squid regularly sends out ICP "probes" to +# count how many other peers are listening on the given multicast +# address. This value specifies how long Squid should wait to +# count all the replies. The default is 2000 msec, or 2 +# seconds. +# +#mcast_icp_query_timeout 2000 + +# TAG: dead_peer_timeout (seconds) +# This controls how long Squid waits to declare a peer cache +# as "dead." If there are no ICP replies received in this +# amount of time, Squid will declare the peer dead and not +# expect to receive any further ICP replies. However, it +# continues to send ICP queries, and will mark the peer as +# alive upon receipt of the first subsequent ICP reply. +# +# This timeout also affects when Squid expects to receive ICP +# replies from peers. If more than 'dead_peer' seconds have +# passed since the last ICP reply was received, Squid will not +# expect to receive an ICP reply on the next query. Thus, if +# your time between requests is greater than this timeout, you +# will see a lot of requests sent DIRECT to origin servers +# instead of to your parents. +# +#dead_peer_timeout 10 seconds + +# TAG: hierarchy_stoplist +# A list of words which, if found in a URL, cause the object to +# be handled directly by this cache. In other words, use this +# to not query neighbor caches for certain objects. You may +# list this option multiple times. +# +# The default is to directly fetch URLs containing 'cgi-bin' or '?'. +# +#hierarchy_stoplist cgi-bin ? + +# TAG: no_cache +# A list of ACL elements which, if matched, cause the reply to +# immediately removed from the cache. In other words, use this +# to force certain objects to never be cached. +# +# You must use the word 'DENY' to indicate the ACL names which should +# NOT be cached. +# +# There is no default. We recommend you uncomment the following +# two lines. +# +#acl QUERY urlpath_regex cgi-bin \? +#no_cache deny QUERY + + +# OPTIONS WHICH AFFECT THE CACHE SIZE +# ----------------------------------------------------------------------------- + +# TAG: cache_mem (bytes) +# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS +# SIZE. IT PLACES A LIMIT ON ONE ASPECT OF SQUID'S MEMORY +# USAGE. SQUID USES MEMORY FOR OTHER THINGS AS WELL. +# YOUR PROCESS WILL PROBABLY BECOME TWICE OR THREE TIMES +# BIGGER THAN THE VALUE YOU PUT HERE +# +# 'cache_mem' specifies the ideal amount of memory to be used +# for: +# * In-Transit objects +# * Hot Objects +# * Negative-Cached objects +# +# Data for these objects are stored in 4 KB blocks. This +# parameter specifies the ideal upper limit on the total size of +# 4 KB blocks allocated. In-Transit objects take the highest +# priority. +# +# In-transit objects have priority over the others. When +# additional space is needed for incoming data, negative-cached +# and hot objects will be released. In other words, the +# negative-cached and hot objects will fill up any unused space +# not needed for in-transit objects. +# +# If circumstances require, this limit will be exceeded. +# Specifically, if your incoming request rate requires more than +# 'cache_mem' of memory to hold in-transit objects, Squid will +# exceed this limit to satisfy the new requests. When the load +# decreases, blocks will be freed until the high-water mark is +# reached. Thereafter, blocks will be used to store hot +# objects. +# +# The default is 8 Megabytes. +# +#cache_mem 8 MB + +# TAG: cache_swap_low (percent, 0-100) +# TAG: cache_swap_high (percent, 0-100) +# +# The low- and high-water marks for cache object replacement. +# Replacement begins when the swap (disk) usage is above the +# low-water mark and attempts to maintain utilization near the +# low-water mark. As swap utilization gets close to high-water +# mark object eviction becomes more aggressive. If utilization is +# close to the low-water mark less replacement is done each time. +# +# Defaults are 90% and 95%. If you have a large cache, 5% could be +# hundreds of MB. If this is the case you may wish to set these +# numbers closer together. +# +#cache_swap_low 90 +#cache_swap_high 95 + +# TAG: maximum_object_size (bytes) +# Objects larger than this size will NOT be saved on disk. The +# value is specified in kilobytes, and the default is 4MB. If +# you wish to get a high BYTES hit ratio, you should probably +# increase this (one 32 MB object hit counts for 3200 10KB +# hits). If you wish to increase speed more than your want to +# save bandwidth you should leave this low. +# +# NOTE: if using the LFUDA replacement policy you should increase +# this value to maximize the byte hit rate improvement of LFUDA! +# See replacement_policy below for a discussion of this policy. +# +#maximum_object_size 4096 KB + +# TAG: minimum_object_size (bytes) +# Objects smaller than this size will NOT be saved on disk. The +# value is specified in kilobytes, and the default is 0 KB, which +# means there is no minimum. +#minimum_object_size 0 KB + +# TAG: ipcache_size (number of entries) +# TAG: ipcache_low (percent) +# TAG: ipcache_high (percent) +# The size, low-, and high-water marks for the IP cache. +# +#ipcache_size 1024 +#ipcache_low 90 +#ipcache_high 95 + +# TAG: fqdncache_size (number of entries) +# Maximum number of FQDN cache entries. +#fqdncache_size 1024 + + +# LOGFILE PATHNAMES AND CACHE DIRECTORIES +# ----------------------------------------------------------------------------- + +# TAG: cache_dir +# Usage: +# +# cache_dir Type Directory-Name Mbytes Level-1 Level2 +# +# You can specify multiple cache_dir lines to spread the +# cache among different disk partitions. +# +# Type specifies the kind of storage system to use. Most +# everyone will want to use "ufs" as the type. If you are using +# Async I/O (--enable async-io) on Linux or Solaris, then you may +# want to try "asyncufs" as the type. Async IO support may be +# buggy, however, so beware. +# +# 'Directory' is a top-level directory where cache swap +# files will be stored. If you want to use an entire disk +# for caching, then this can be the mount-point directory. +# The directory must exist and be writable by the Squid +# process. Squid will NOT create this directory for you. +# +# If no 'cache_dir' lines are specified, the following +# default will be used: /usr/cache. +# +# 'Mbytes' is the amount of disk space (MB) to use under this +# directory. The default is 100 MB. Change this to suit your +# configuration. +# +# 'Level-1' is the number of first-level subdirectories which +# will be created under the 'Directory'. The default is 16. +# +# 'Level-2' is the number of second-level subdirectories which +# will be created under each first-level directory. The default +# is 256. +# +cache_dir ufs /var/cache/squid 100 16 256 + +# TAG: cache_access_log +# Logs the client request activity. Contains an entry for +# every HTTP and ICP queries received. +# +cache_access_log /var/log/squid/squid.access + +# TAG: cache_log +# Cache logging file. This is where general information about +# your cache's behavior goes. You can increase the amount of data +# logged to this file with the "debug_options" tag below. +# +cache_log /var/log/squid/squid.cache + +# TAG: cache_store_log +# Logs the activities of the storage manager. Shows which +# objects are ejected from the cache, and which objects are +# saved and for how long. To disable, enter "none". There are +# not really utilities to analyze this data, so you can safely +# disable it. +# +cache_store_log /var/log/squid/squid.store + +# TAG: cache_swap_log +# Location for the cache "swap.log." This log file holds the +# metadata of objects saved on disk. It is used to rebuild the +# cache during startup. Normally this file resides in the first +# 'cache_dir' directory, but you may specify an alternate +# pathname here. Note you must give a full filename, not just +# a directory. Since this is the index for the whole object +# list you CANNOT periodically rotate it! +# +# If you have more than one 'cache_dir', these swap logs will +# have names such as: +# +# cache_swap_log.00 +# cache_swap_log.01 +# cache_swap_log.02 +# +# The numbered extension (which is added automatically) +# corresponds to the order of the 'cache_dir' lines in this +# configuration file. If you change the order of the 'cache_dir' +# lines in this file, then these log files will NOT correspond to +# the correct 'cache_dir' entry (unless you manually rename +# them). We recommend that you do NOT use this option. It is +# better to keep these log files in each 'cache_dir' directory. +# +#cache_swap_log + +# TAG: emulate_httpd_log on|off +# The Cache can emulate the log file format which many 'httpd' +# programs use. To disable/enable this emulation, set +# emulate_httpd_log to 'off' or 'on'. The default +# is to use the native log format since it includes useful +# information that Squid-specific log analyzers use. +# +#emulate_httpd_log off + +# TAG: mime_table +# Pathname to Squid's MIME table. You shouldn't need to change +# this, but the default file contains examples and formatting +# information if you do. +# +#mime_table /etc/squid/mime.conf + +# TAG: log_mime_hdrs on|off +# The Cache can record both the request and the response MIME +# headers for each HTTP transaction. The headers are encoded +# safely and will appear as two bracketed fields at the end of +# the access log (for either the native or httpd-emulated log +# formats). To enable this logging set log_mime_hdrs to 'on'. +# +#log_mime_hdrs off + +# TAG: useragent_log +# If configured with the "--enable-useragent_log" configure +# option, Squid will write the User-Agent field from HTTP +# requests to the filename specified here. By default +# useragent_log is disabled. +# +#useragent_log none + +# TAG: pid_filename +# A filename to write the process-id to. To disable, enter "none". +# +pid_filename /var/run/squid.pid + +# TAG: debug_options +# Logging options are set as section,level where each source file +# is assigned a unique section. Lower levels result in less +# output, Full debugging (level 9) can result in a very large +# log file, so be careful. The magic word "ALL" sets debugging +# levels for all sections. We recommend normally running with +# "ALL,1". +# +#debug_options ALL,1 + +# TAG: log_fqdn on|off +# Turn this on if you wish to log fully qualified domain names +# in the access.log. To do this Squid does a DNS lookup of all +# IP's connecting to it. This can (in some situations) increase +# latency, which makes your cache seem slower for interactive +# browsing. +# +#log_fqdn off + +# TAG: client_netmask +# A netmask for client addresses in logfiles and cachemgr output. +# Change this to protect the privacy of your cache clients. +# A netmask of 255.255.255.0 will log all IP's in that range with +# the last digit set to '0'. +# +#client_netmask 255.255.255.255 + + +# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS +# ----------------------------------------------------------------------------- + +# TAG: ftp_user +# If you want the anonymous login password to be more informative +# (and enable the use of picky ftp servers), set this to something +# reasonable for your domain, like wwwuser@somewhere.net +# +# The reason why this is domainless by default is that the +# request can be made on the behalf of a user in any domain, +# depending on how the cache is used. +# Some ftp server also validate that the email address is valid +# (for example perl.com). +# +#ftp_user Squid@ + +# TAG: ftp_list_width +# Sets the width of ftp listings. This should be set to fit in +# the width of a standard browser. Setting this too small +# can cut off long filenames when browsing ftp sites. +# +#ftp_list_width 32 + +# TAG: ftp_passive +# If your firewall does not allow Squid to use passive +# connections, then turn off this option. +##ftp_passive on + +# TAG: cache_dns_program +# Specify the location of the executable for dnslookup process. +# +#cache_dns_program /usr/bin/dnsserver + +# TAG: dns_children +# The number of processes spawn to service DNS name lookups. +# For heavily loaded caches on large servers, you should +# probably increase this value to at least 10. The maximum +# is 32. The default is 5. +# +# You must have at least one dnsserver process. +# +#dns_children 5 + +# TAG: dns_defnames on|off +# Normally the 'dnsserver' disables the RES_DEFNAMES resolver +# option (see res_init(3)). This prevents caches in a hierarchy +# from interpreting single-component hostnames locally. To allow +# dnsserver to handle single-component names, enable this +# option. +# +#dns_defnames off + +# TAG: dns_nameservers +# Use this if you want to specify a list of DNS name servers +# (IP addresses) to use instead of those given in your +# /etc/resolv.conf file. +# +# Example: dns_nameservers 10.0.0.1 192.172.0.4 +# +#dns_nameservers none + +# TAG: unlinkd_program +# Specify the location of the executable for file deletion process. +# This isn't needed if you are using async-io since it's handled by +# a thread. +# +#unlinkd_program /usr/bin/unlinkd + +# TAG: pinger_program +# Specify the location of the executable for the pinger process. +# This is only useful if you configured Squid (during compilation) +# with the '--enable-icmp' option. +# +#pinger_program /usr/bin/pinger + +# TAG: redirect_program +# Specify the location of the executable for the URL redirector. +# Since they can perform almost any function there isn't one included. +# See the Release-Notes for information on how to write one. +# By default, a redirector is not used. +# +#redirect_program none + +# TAG: redirect_children +# The number of redirector processes to spawn. If you start +# too few Squid will have to wait for them to process a backlog of +# URLs, slowing it down. If you start too many they will use RAM +# and other system resources. +# +#redirect_children 5 + +# TAG: redirect_rewrites_host_header +# By default Squid rewrites any Host: header in redirected +# requests. If you are running a accelerator then this may +# not be a wanted effect of a redirector. +#redirect_rewrites_host_header on + +# TAG: redirector_access +# If defined, this access list specifies which requests are +# sent to the redirector processes. By default all requests +# are sent. + +# TAG: authenticate_program +# Specify the command for the external authenticator. Such a +# program reads a line containing "username password" and replies +# "OK" or "ERR" in an endless loop. If you use an authenticator, +# make sure you have 1 acl of type proxy_auth. By default, the +# authenticator_program is not used. +# +# If you want to use the traditional proxy authentication, +# jump over to the ../auth_modules/NCSA directory and +# type: +# % make +# % make install +# +# Then, set this line to something like +# +# authenticate_program /usr/bin/ncsa_auth /usr/etc/passwd +# +#authenticate_program none + +# TAG: authenticate_children +# The number of authenticator processes to spawn (default 5). If you +# start too few Squid will have to wait for them to process a backlog +# of usercode/password verifications, slowing it down. When password +# verifications are done via a (slow) network you are likely to need +# lots of authenticator processes. +# +#authenticate_children 5 + +# TAG: authenticate_ttl +# The time a checked username/password combination remains cached +# (default 3600). If a wrong password is given for a cached user, +# the user gets removed from the username/password cache forcing +# a revalidation. +# +#authenticate_ttl 3600 + +# TAG: authenticate_ip_ttl +# With this option you control how long a proxy authentication +# will be bound to a specific IP address. If a request using +# the same user name is received during this time then access +# will be denied and both users are required to reauthenticate +# them selves. The idea behind this is to make it annoying +# for people to share their password to their friends, but +# yet allow a dialup user to reconnect on a different dialup +# port. +# +# The default is 0 to disable the check. Recommended value +# if you have dialup users are no more than 60 (seconds). If +# all your users are stationary then higher values may be +# used. +# +#authenticate_ip_ttl 0 + + +# OPTIONS FOR TUNING THE CACHE +# ----------------------------------------------------------------------------- + +# TAG: wais_relay_host +# TAG: wais_relay_port +# Relay WAIS request to host (1st arg) at port (2 arg). +# +#wais_relay_host localhost +#wais_relay_port 8000 + +# TAG: request_header_max_size (KB) +# This specifies the maximum size for HTTP headers in a request. +# Request headers are usually relatively small (about 512 bytes). +# Placing a limit on the request header size will catch certain +# bugs (for example with persistent connections) and possibly +# buffer-overflow or denial-of-service attacks. +#request_header_max_size 10 KB + +# TAG: request_body_max_size (KB) +# This specifies the maximum size for an HTTP request body. +# In other words, the maximum size of a PUT/POST request. +# A user who attempts to send a request with a body larger +# than this limit receives an "Invalid Request" error message. +# If you set this parameter to a zero, there will be no limit +# imposed. +#request_body_max_size 1 MB + +# TAG: reply_body_max_size (KB) +# This option specifies the maximum size of a reply body. It +# can be used to prevent users from downloading very large files, +# such as MP3's and movies. The reply size is checked twice. +# First when we get the reply headers, we check the +# content-length value. If the content length value exists and +# is larger than this parameter, the request is denied and the +# user receives an error message that says "the request or reply +# is too large." If there is no content-length, and the reply +# size exceeds this limit, the client's connection is just closed +# and they will receive a partial reply. +# +# NOTE: downstream caches probably can not detect a partial reply +# if there is no content-length header, so they will cache +# partial responses and give them out as hits. You should NOT +# use this option if you have downstream caches. +# +# If you set this parameter to zero (the default), there will be +# no limit imposed. +#reply_body_max_size 0 + +# TAG: refresh_pattern +# usage: refresh_pattern [-i] regex min percent max [options] +# +# By default, regular expressions are CASE-SENSITIVE. To make +# them case-insensitive, use the -i option. +# +# 'Min' is the time (in minutes) an object without an explicit +# expiry time should be considered fresh. The recommended +# value is 0, any higher values may cause dynamic applications +# to be erroneously cached unless the application designer +# has taken the appropriate actions. +# +# 'Percent' is a percentage of the objects age (time since last +# modification age) an object without explicit expiry time +# will be considered fresh. +# +# 'Max' is an upper limit on how long objects without an explicit +# expiry time will be considered fresh. +# +# options: override-expire +# override-lastmod +# reload-into-ims +# ignore-reload +# +# override-expire enforces min age even if the server +# sent a Expires: header. Doing this VIOLATES the HTTP +# standard. Enabling this feature could make you liable +# for problems which it causes. +# +# override-lastmod enforces min age even on objects +# that was modified recently. +# +# reload-into-ims changes client no-cache or ``reload'' +# to If-Modified-Since requests. Doing this VIOLATES the +# HTTP standard. Enabling this feature could make you +# liable for problems which it causes. +# +# ignore-reload ignores a client no-cache or ``reload'' +# header. Doing this VIOLATES the HTTP standard. Enabling +# this feature could make you liable for problems which +# it causes. +# +# Please see the file doc/Release-Notes-1.1.txt for a full +# description of Squid's refresh algorithm. Basically a +# cached object is: (the order is changed from 1.1.X) +# +# FRESH if expires < now, else STALE +# STALE if age > max +# FRESH if lm-factor < percent, else STALE +# FRESH if age < min +# else STALE +# +# The refresh_pattern lines are checked in the order listed here. +# The first entry which matches is used. If none of the entries +# match, then the default will be used. +# +#Default: +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern . 0 20% 4320 + +# TAG: replacement_policy +# The cache replacement policy parameter determines which +# objects are evicted (replaced) when disk space is needed. +# Squid used to have only a single replacement policy, LRU. +# But when built with -DHEAP_REPLACEMENT you can choose +# between two new, enhanced policies: +# +# GDSF: Greedy-Dual Size Frequency +# LFUDA: Least Frequently Used with Dynamic Aging +# +# Both of these policies are frequency based rather than recency +# based, and perform better than LRU. +# +# The GDSF policy optimizes object hit rate by keeping smaller +# popular objects in cache so it has a better chance of getting a +# hit. It achieves a lower byte hit rate than LFUDA though since +# it evicts larger (possibly popular) objects. +# +# The LFUDA policy keeps popular objects in cache regardless of +# their size and thus optimizes byte hit rate at the expense of +# hit rate since one large, popular object will prevent many +# smaller, slightly less popular objects from being cached. +# +# Both policies utilize a dynamic aging mechanism that prevents +# cache pollution that can otherwise occur with frequency-based +# replacement policies. +# +# NOTE: if using the LFUDA replacement policy you should increase +# the value of maximum_object_size above its default of 4096 KB to +# to maximize the potential byte hit rate improvement of LFUDA. +# +# For more information about these cache replacement policies see +# http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html and +# http://fog.hpl.external.hp.com/techreports/98/HPL-98-173.html. +# +#replacement_policy LFUDA + +# TAG: reference_age +# As a part of normal operation, Squid performs Least Recently +# Used removal of cached objects. The LRU age for removal is +# computed dynamically, based on the amount of disk space in +# use. The dynamic value can be seen in the Cache Manager 'info' +# output. +# +# The 'reference_age' parameter defines the maximum LRU age. For +# example, setting reference_age to '1 week' will cause objects +# to be removed if they have not been accessed for a week or +# more. The default value is one year. +# +# Specify a number here, followed by units of time. For example: +# 1 week +# 3.5 days +# 4 months +# 2.2 hours +# +# NOTE: this parameter is not used when using the enhanced +# replacement policies, GDSH or LFUDA. +# +#reference_age 1 year + +# TAG: quick_abort_min (KB) +# TAG: quick_abort_max (KB) +# TAG: quick_abort_pct (percent) +# The cache can be configured to continue downloading aborted +# requests. This may be undesirable on slow (e.g. SLIP) links +# and/or very busy caches. Impatient users may tie up file +# descriptors and bandwidth by repeatedly requesting and +# immediately aborting downloads. +# +# When the user aborts a request, Squid will check the +# quick_abort values to the amount of data transfered until +# then. +# +# If the transfer has less than 'quick_abort_min' KB remaining, +# it will finish the retrieval. Setting 'quick_abort_min' to -1 +# will disable the quick_abort feature. +# +# If the transfer has more than 'quick_abort_max' KB remaining, +# it will abort the retrieval. +# +# If more than 'quick_abort_pct' of the transfer has completed, +# it will finish the retrieval. +# +#quick_abort_min 16 KB +#quick_abort_max 16 KB +#quick_abort_pct 95 + +# TAG: negative_ttl time-units +# Time-to-Live (TTL) for failed requests. Certain types of +# failures (such as "connection refused" and "404 Not Found") are +# negatively-cached for a configurable amount of time. The +# default is 5 minutes. Note that this is different from +# negative caching of DNS lookups. +# +#negative_ttl 5 minutes + +# TAG: positive_dns_ttl time-units +# Time-to-Live (TTL) for positive caching of successful DNS lookups. +# Default is 6 hours (360 minutes). If you want to minimize the +# use of Squid's ipcache, set this to 1, not 0. +# +#positive_dns_ttl 6 hours + +# TAG: negative_dns_ttl time-units +# Time-to-Live (TTL) for negative caching of failed DNS lookups. +# +#negative_dns_ttl 5 minutes + +# TAG: range_offset_limit (bytes) +# Sets a upper limit on how far into the the file a Range request +# may be to cause Squid to prefetch the whole file. If beyond this +# limit then Squid forwards the Range request as it is and the result +# is NOT cached. +# +# This is to stop a far ahead range request (lets say start at 17MB) +# from making Squid fetch the whole object up to that point before +# sending anything to the client. +# +# A value of -1 causes Squid to always fetch the object from the +# beginning so that it may cache the result. (2.0 style) +# +# A value of 0 causes Squid to never fetch more than the client +# client requested. (default) +# +#range_offset_limit 0 KB + + +# TIMEOUTS +# ----------------------------------------------------------------------------- + +# TAG: connect_timeout time-units +# Some systems (notably Linux) can not be relied upon to properly +# time out connect(2) requests. Therefore the Squid process +# enforces its own timeout on server connections. This parameter +# specifies how long to wait for the connect to complete. The +# default is two minutes (120 seconds). +# +#connect_timeout 120 seconds + +# TAG: peer_connect_timeout time-units +# This parameter specifies how long to wait for a pending TCP +# connection to a peer cache. The default is 30 seconds. You +# may also set different timeout values for individual neighbors +# with the 'connect-timeout' option on a 'cache_peer' line. +#peer_connect_timeout 30 seconds + +# TAG: siteselect_timeout time-units +# For URN to multiple URL's URL selection +# +#siteselect_timeout 4 seconds + +# TAG: read_timeout time-units +# The read_timeout is applied on server-side connections. After +# each successful read(), the timeout will be extended by this +# amount. If no data is read again after this amount of time, +# the request is aborted and logged with ERR_READ_TIMEOUT. The +# default is 15 minutes. +# +#read_timeout 15 minutes + +# TAG: request_timeout +# How long to wait for an HTTP request after connection +# establishment. For persistent connections, wait this long +# after the previous request completes. +# +#request_timeout 30 seconds + +# TAG: client_lifetime time-units +# The maximum amount of time that a client (browser) is allowed to +# remain connected to the cache process. This protects the Cache +# from having a lot of sockets (and hence file descriptors) tied up +# in a CLOSE_WAIT state from remote clients that go away without +# properly shutting down (either because of a network failure or +# because of a poor client implementation). The default is one +# day, 1440 minutes. +# +# NOTE: The default value is intended to be much larger than any +# client would ever need to be connected to your cache. You +# should probably change client_lifetime only as a last resort. +# If you seem to have many client connections tying up +# filedescriptors, we recommend first tuning the read_timeout, +# request_timeout, pconn_timeout and quick_abort values. +# +#client_lifetime 1 day + +# TAG: half_closed_clients +# Some clients may shutdown the sending side of their TCP +# connections, while leaving their receiving sides open. Sometimes, +# Squid can not tell the difference between a half-closed and a +# fully-closed TCP connection. By default, half-closed client +# connections are kept open until a read(2) or write(2) on the +# socket returns an error. Change this option to 'off' and Squid +# will immediately close client connections when read(2) returns +# "no more data to read." +# +#half_closed_clients on + +# TAG: pconn_timeout +# Timeout for idle persistent connections to servers and other +# proxies. +#pconn_timeout 120 seconds + +# TAG: ident_timeout +# Maximum time to wait for IDENT requests. If this is too high, +# and you enabled 'ident_lookup', then you might be susceptible +# to denial-of-service by having many ident requests going at +# once. +# +# Only src type ACL checks are fully supported. A src_domain +# ACL might work at times, but it will not always provide +# the correct result. +# +# This option may be disabled by using --disable-ident with +# the configure script. +#ident_timeout 10 seconds + +# TAG: shutdown_lifetime time-units +# When SIGTERM or SIGHUP is received, the cache is put into +# "shutdown pending" mode until all active sockets are closed. +# This value is the lifetime to set for all open descriptors +# during shutdown mode. Any active clients after this many +# seconds will receive a 'timeout' message. +# +#shutdown_lifetime 30 seconds + + +# ACCESS CONTROLS +# ----------------------------------------------------------------------------- + +# TAG: acl +# Defining an Access List +# +# acl aclname acltype string1 ... +# acl aclname acltype "file" ... +# +# when using "file", the file should contain one item per line +# +# acltype is one of src dst srcdomain dstdomain url_pattern +# urlpath_pattern time port proto method browser user +# +# By default, regular expressions are CASE-SENSITIVE. To make +# them case-insensitive, use the -i option. +# +# acl aclname src ip-address/netmask ... (clients IP address) +# acl aclname src addr1-addr2/netmask ... (range of addresses) +# acl aclname dst ip-address/netmask ... (URL host's IP address) +# acl aclname myip ip-address/netmask ... (local socket IP address) +# +# acl aclname srcdomain .foo.com ... # reverse lookup, client IP +# acl aclname dstdomain .foo.com ... # Destination server from URL +# acl aclname srcdom_regex [-i] xxx ... # regex matching client name +# acl aclname dstdom_regex [-i] xxx ... # regex matching server +# # For dstdomain and dstdom_regex a reverse lookup is tried if a IP +# # based URL is used. The name "none" is used if the reverse lookup +# # fails. +# +# acl aclname time [day-abbrevs] [h1:m1-h2:m2] +# day-abbrevs: +# S - Sunday +# M - Monday +# T - Tuesday +# W - Wednesday +# H - Thursday +# F - Friday +# A - Saturday +# h1:m1 must be less than h2:m2 +# acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL +# acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path +# acl aclname port 80 70 21 ... +# acl aclname port 0-1024 ... # ranges allowed +# acl aclname myport 3128 ... # (local socket TCP port) +# acl aclname proto HTTP FTP ... +# acl aclname method GET POST ... +# acl aclname browser [-i] regexp +# # pattern match on User-Agent header +# acl aclname ident username ... +# # string match on ident output. +# # use REQUIRED to accept any non-null ident. +# acl aclname src_as number ... +# acl aclname dst_as number ... +# # Except for access control, AS numbers can be used for +# # routing of requests to specific caches. Here's an +# # example for routing all requests for AS#1241 and only +# # those to mycache.mydomain.net: +# # acl asexample dst_as 1241 +# # cache_peer_access mycache.mydomain.net allow asexample +# # cache_peer_access mycache_mydomain.net deny all +# +# acl aclname proxy_auth username ... +# # list of valid usernames +# # use REQUIRED to accept any valid username. +# # +# # NOTE: when a Proxy-Authentication header is sent but it is not +# # needed during ACL checking the username is NOT logged +# # in access.log. +# # +# # NOTE: proxy_auth requires a EXTERNAL authentication program +# # to check username/password combinations (see +# # authenticate_program). +# # +# # WARNING: proxy_auth can't be used in a transparent proxy. It +# # collides with any authentication done by origin servers. It may +# # seem like it works at first, but it doesn't. +# +# acl aclname snmp_community string ... +# # A community string to limit access to your SNMP Agent +# # Example: +# # +# # acl snmppublic snmp_community public +# +# acl aclname maxconn number +# # This will be matched when the client's IP address has +# # more than <number> HTTP connections established. +# +# +#Examples: +#acl myexample dst_as 1241 +#acl password proxy_auth REQUIRED +# +#Defaults: +acl all src 0.0.0.0/0.0.0.0 +acl manager proto cache_object +acl localhost src 127.0.0.1/255.255.255.255 +acl SSL_ports port 443 563 +acl Safe_ports port 80 21 443 563 70 210 1025-65535 +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT + +# TAG: http_access +# Allowing or Denying access based on defined access lists +# +# Access to the HTTP port: +# http_access allow|deny [!]aclname ... +# +# Access to the ICP port: +# icp_access allow|deny [!]aclname ... +# +# NOTE on default values: +# +# If there are no "access" lines present, the default is to allow +# the request. +# +# If none of the "access" lines cause a match, the default is the +# opposite of the last line in the list. If the last line was +# deny, then the default is allow. Conversely, if the last line +# is allow, the default will be deny. For these reasons, it is a +# good idea to have an "deny all" or "allow all" entry at the end +# of your access lists to avoid potential confusion. +# +#Default configuration: +http_access allow manager localhost +http_access deny manager +http_access deny !Safe_ports +http_access deny CONNECT !SSL_ports +# +# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS +# +http_access deny all + +# TAG: icp_access +# Reply to all ICP queries we receive +# +icp_access allow all + +# TAG: miss_access +# Use to force your neighbors to use you as a sibling instead of +# a parent. For example: +# +# acl localclients src 172.16.0.0/16 +# miss_access allow localclients +# miss_access deny !localclients +# +# This means that only your local clients are allowed to fetch +# MISSES and all other clients can only fetch HITS. +# +# By default, allow all clients who passed the http_access rules +# to fetch MISSES from us. +miss_access allow all + +# TAG: cache_peer_access +# Similar to 'cache_peer_domain' but provides more flexibility by +# using ACL elements. +# +# cache_peer_access cache-host allow|deny [!]aclname ... +# +# The syntax is identical to 'http_access' and the other lists of +# ACL elements. See the comments for 'http_access' below, or +# the Squid FAQ (http://squid.nlanr.net/Squid/FAQ/FAQ-10.html). + +# TAG: proxy_auth_realm +# Specifies the realm name which is to be reported to the client for +# proxy authentication (part of the text the user will see when +# prompted their username and password). +# +#proxy_auth_realm Squid proxy-caching web server + +# TAG: ident_lookup_access +# A list of ACL elements which, if matched, cause an ident +# (RFC 931) lookup to be performed for this request. For +# example, you might choose to always perform ident lookups +# for your main multi-user Unix boxes, but not for your Macs +# and PCs. By default, ident lookups are not performed for +# any requests. +# +# To enable ident lookups for specific client addresses, you +# can follow this example: +# +# acl ident_aware_hosts src 198.168.1.0/255.255.255.0 +# ident_lookup_access allow ident_aware_hosts +# ident_lookup_access deny all +# +# This option may be disabled by using --disable-ident with +# the configure script. +#ident_lookup_access deny all + + +# ADMINISTRATIVE PARAMETERS +# ----------------------------------------------------------------------------- + +# TAG: cache_mgr +# Email-address of local cache manager who will receive +# mail if the cache dies. The default is "webmaster." +# +#cache_mgr webmaster + +# TAG: cache_effective_user +# TAG: cache_effective_group +# +# If the cache is run as root, it will change its effective/real +# UID/GID to the UID/GID specified below. The default is to +# change to UID to nobody and GID to nogroup. +# +# If Squid is not started as root, the default is to keep the +# current UID/GID. Note that if Squid is not started as root then +# you cannot set http_port to a value lower than 1024. +# +cache_effective_user squid +cache_effective_group daemon + +# TAG: visible_hostname +# If you want to present a special hostname in error messages, etc, +# then define this. Otherwise, the return value of gethostname() +# will be used. If you have multiple caches in a cluster and +# get errors about IP-forwarding you must set them to have individual +# names with this setting. +# +#visible_hostname www-cache.foo.org + +# TAG: unique_hostname +# If you want to have multiple machines with the same +# 'visible_hostname' then you must give each machine a different +# 'unique_hostname' so that forwarding loops can be detected. +# +#unique_hostname www-cache1.foo.org + +# TAG: hostname_aliases +# A list of other DNS names that your cache has. + + +# OPTIONS FOR THE CACHE REGISTRATION SERVICE +# ----------------------------------------------------------------------------- +# +# This section contains parameters for the (optional) cache +# announcement service. This service is provided to help +# cache administrators locate one another in order to join or +# create cache hierarchies. +# +# An 'announcement' message is sent (via UDP) to the registration +# service by Squid. By default, the announcement message is NOT +# SENT unless you enable it with 'announce_period' below. +# +# The announcement message includes your hostname, plus the +# following information from this configuration file: +# +# http_port +# icp_port +# cache_mgr +# +# All current information is processed regularly and made +# available on the Web at http://ircache.nlanr.net/Cache/Tracker/. + +# TAG: announce_period +# This is how frequently to send cache announcements. The +# default is `0' which disables sending the announcement +# messages. +# +# To enable announcing your cache, just uncomment the line +# below. +# +#announce_period 1 day + +# TAG: announce_host +# TAG: announce_file +# TAG: announce_port +# announce_host and announce_port set the hostname and port +# number where the registration message will be sent. +# +# Hostname will default to 'tracker.ircache.net' and port will +# default default to 3131. If the 'filename' argument is given, +# the contents of that file will be included in the announce +# message. +# +#announce_host tracker.ircache.net +#announce_port 3131 + + +# HTTPD-ACCELERATOR OPTIONS +# ----------------------------------------------------------------------------- + +# TAG: httpd_accel_host +# TAG: httpd_accel_port +# If you want to run Squid as an httpd accelerator, define the +# host name and port number where the real HTTP server is. +# +# If you want virtual host support then specify the hostname +# as "virtual". +# +# NOTE: enabling httpd_accel_host disables proxy-caching and +# ICP. If you want these features enabled also, then set +# the 'httpd_accel_with_proxy' option. +# +#httpd_accel_host hostname +#httpd_accel_port port + +# TAG: httpd_accel_with_proxy on|off +# If you want to use Squid as both a local httpd accelerator +# and as a proxy, change this to 'on'. +# +#httpd_accel_with_proxy off + +# TAG: httpd_accel_uses_host_header on|off +# HTTP/1.1 requests include a Host: header which is basically the +# hostname from the URL. Squid can be an accelerator for +# different HTTP servers by looking at this header. However, +# Squid does NOT check the value of the Host header, so it opens +# a big security hole. We recommend that this option remain +# disabled unless you are sure of what you are doing. +# +# However, you will need to enable this option if you run Squid +# as a transparent proxy. Otherwise, virtual servers which +# require the Host: header will not be properly cached. +#httpd_accel_uses_host_header off + + +# MISCELLANEOUS +# ----------------------------------------------------------------------------- + +# TAG: dns_testnames +# The DNS tests exit as soon as the first site is successfully looked up +# +# If you want to disable DNS tests, do not comment out or delete this +# list. Instead use the -D command line option +# +#dns_testnames netscape.com internic.net nlanr.net microsoft.com + +# TAG: logfile_rotate +# Specifies the number of logfile rotations to make when you +# type 'squid -k rotate'. The default is 10, which will rotate +# with extensions 0 through 9. Setting logfile_rotate to 0 will +# disable the rotation, but the logfiles are still closed and +# re-opened. This will enable you to rename the logfiles +# yourself just before sending the rotate signal. +# +# Note, the 'squid -k rotate' command normally sends a USR1 +# signal to the running squid process. In certain situations +# (e.g. on Linux with Async I/O), USR1 is used for other +# purposes, so -k rotate uses another signal. It is best to get +# in the habit of using 'squid -k rotate' instead of 'kill -USR1 +# <pid>'. +# +#logfile_rotate 10 + +# TAG: append_domain +# Appends local domain name to hostnames without any dots in +# them. append_domain must begin with a period. +# +#append_domain .yourdomain.com + +# TAG: tcp_recv_bufsize (bytes) +# Size of receive buffer to set for TCP sockets. Probably just +# as easy to change your kernel's default. Set to zero to use +# the default buffer size. +# +#tcp_recv_bufsize 0 bytes + +# TAG: err_html_text +# HTML text to include in error messages. Make this a "mailto" +# URL to your admin address, or maybe just a link to your +# organizations Web page. +# +# To include this in your error messages, you must rewrite +# the error template files (found in the "errors" directory). +# Wherever you want the 'err_html_text' line to appear, +# insert a %L tag in the error template file. +#err_html_text + +# TAG: deny_info +# Usage: deny_info err_page_name acl +# Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys +# +# This can be used to return a ERR_ page for requests which +# do not pass the 'http_access' rules. A single ACL will cause +# the http_access check to fail. If a 'deny_info' line exists +# for that ACL then Squid returns a corresponding error page. +# +# You may use ERR_ pages that come with Squid or create your own pages +# and put them into the configured errors/ directory. + +# TAG: memory_pools on|off +# If set, Squid will keep pools of allocated (but unused) memory +# available for future use. If memory is a premium on your +# system and you believe your malloc library outperforms Squid +# routines, disable this. +# +#memory_pools on + +# TAG: memory_pools_limit (bytes) +# Used only with memory_pools on: +# memory_pools_limit 50 MB +# +# If set to a non-zero value, Squid will keep at most the specified +# limit of allocated (but unused) memory in memory pools. All free() +# requests that exceed this limit will be handled by your malloc +# library. Squid does not pre-allocate any memory, just safe-keeps +# objects that otherwise would be free()d. Thus, it is safe to set +# memory_pools_limit to a reasonably high value even if your +# configuration will use less memory. +# +# If not set (default) or set to zero, Squid will keep all memory it +# can. That is, there will be no limit on the total amount of memory +# used for safe-keeping. +# +# To disable memory allocation optimization, do not set +# memory_pools_limit to 0. Set memory_pools to "off" instead. +# +# An overhead for maintaining memory pools is not taken into account +# when the limit is checked. This overhead is close to four bytes per +# object kept. However, pools may actually _save_ memory because of +# reduced memory thrashing in your malloc library. + +# TAG: forwarded_for on|off +# If set, Squid will include your system's IP address or name +# in the HTTP requests it forwards. By default it looks like +# this: +# +# X-Forwarded-For: 192.1.2.3 +# +# If you disable this, it will appear as +# +# X-Forwarded-For: unknown +# +#forwarded_for on + +# TAG: log_icp_queries on|off +# If set, ICP queries are logged to access.log. You may wish +# do disable this if your ICP load is VERY high to speed things +# up or to simplify log analysis. +# +#log_icp_queries on + +# TAG: icp_hit_stale on|off +# If you want to return ICP_HIT for stale cache objects, set this +# option to 'on'. If you have sibling relationships with caches +# in other administrative domains, this should be 'off'. If you only +# have sibling relationships with caches under your control, then +# it is probably okay to set this to 'on'. +# +#icp_hit_stale off + +# TAG: minimum_direct_hops +# If using the ICMP pinging stuff, do direct fetches for sites +# which are no more than this many hops away. +# +#minimum_direct_hops 4 + +# TAG: cachemgr_passwd +# Specify passwords for cachemgr operations. +# +# Usage: cachemgr_passwd password action action ... +# +# Some valid actions are (see cache manager menu for a full list): +# 5min +# 60min +# asndb +# authenticator +# cbdata +# client_list +# comm_incoming +# config * +# counters +# delay +# digest_stats +# dns +# events +# filedescriptors +# fqdncache +# histograms +# http_headers +# info +# io +# ipcache +# mem +# menu +# netdb +# non_peers +# objects +# pconn +# peer_select +# redirector +# refresh +# server_list +# shutdown * +# store_digest +# storedir +# utilization +# via_headers +# vm_objects +# +# * Indicates actions which will not be performed without a +# valid password, others can be performed if not listed here. +# +# To disable an action, set the password to "disable". +# To allow performing an action without a password, set the +# password to "none". +# +# Use the keyword "all" to set the same password for all actions. +# +#cachemgr_passwd secret shutdown +#cachemgr_passwd lesssssssecret info stats/objects +#cachemgr_passwd disable all + +# TAG: store_avg_object_size (kbytes) +# Average object size, used to estimate number of objects your +# cache can hold. See doc/Release-Notes-1.1.txt. The default is +# 13 KB. +# +#store_avg_object_size 13 KB + +# TAG: store_objects_per_bucket +# Target number of objects per bucket in the store hash table. +# Lowering this value increases the total number of buckets and +# also the storage maintenance rate. The default is 50. +# +#store_objects_per_bucket 50 + +# TAG: client_db on|off +# If you want to disable collecting per-client statistics, then +# turn off client_db here. +# +#client_db on + +# TAG: netdb_low +# TAG: netdb_high +# The low and high water marks for the ICMP measurement +# database. These are counts, not percents. The defaults are +# 900 and 1000. When the high water mark is reached, database +# entries will be deleted until the low mark is reached. +# +#netdb_low 900 +#netdb_high 1000 + +# TAG: netdb_ping_period +# The minimum period for measuring a site. There will be at +# least this much delay between successive pings to the same +# network. The default is five minutes. +# +#netdb_ping_period 5 minutes + +# TAG: query_icmp on|off +# If you want to ask your peers to include ICMP data in their ICP +# replies, enable this option. +# +# If your peer has configured Squid (during compilation) with +# '--enable-icmp' then that peer will send ICMP pings to origin server +# sites of the URLs it receives. If you enable this option then the +# ICP replies from that peer will include the ICMP data (if available). +# Then, when choosing a parent cache, Squid will choose the parent with +# the minimal RTT to the origin server. When this happens, the +# hierarchy field of the access.log will be +# "CLOSEST_PARENT_MISS". This option is off by default. +# +#query_icmp off + +# TAG: test_reachability on|off +# When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH +# instead of ICP_MISS if the target host is NOT in the ICMP +# database, or has a zero RTT. +# +#test_reachability off + +# TAG: buffered_logs on|off +# Some log files (cache.log, useragent.log) are written with +# stdio functions, and as such they can be buffered or +# unbuffered. By default they will be unbuffered. Buffering them +# can speed up the writing slightly (though you are unlikely to +# need to worry). +#buffered_logs off + +# TAG: reload_into_ims on|off +# When you enable this option, client no-cache or ``reload'' +# requests will be changed to If-Modified-Since requests. +# Doing this VIOLATES the HTTP standard. Enabling this +# feature could make you liable for problems which it +# causes. +# +# see also refresh_pattern for a more selective approach. +# +# This option may be disabled by using --disable-http-violations +# with the configure script. +#reload_into_ims off + +# TAG: always_direct +# Usage: always_direct allow|deny [!]aclname ... +# +# Here you can use ACL elements to specify requests which should +# ALWAYS be forwarded directly to origin servers. For example, +# to always directly forward requests for local servers use +# something like: +# +# acl local-servers dstdomain my.domain.net +# always_direct allow local-servers +# +# To always forward FTP requests directly, use +# +# acl FTP proto FTP +# always_direct allow FTP +# +# NOTE: There is a similar, but opposite option named +# 'never_direct'. You need to be aware that "always_direct deny +# foo" is NOT the same thing as "never_direct allow foo". You +# may need to use a deny rule to exclude a more-specific case of +# some other rule. Example: +# +# acl local-external dstdomain external.foo.net +# acl local-servers dstdomain foo.net +# always_direct deny local-external +# always_direct allow local-servers +# +# This option replaces some v1.1 options such as local_domain +# and local_ip. + +# TAG: never_direct +# Usage: never_direct allow|deny [!]aclname ... +# +# never_direct is the opposite of always_direct. Please read +# the description for always_direct if you have not already. +# +# With 'never_direct' you can use ACL elements to specify +# requests which should NEVER be forwarded directly to origin +# servers. For example, to force the use of a proxy for all +# requests, except those in your local domain use something like: +# +# acl local-servers dstdomain foo.net +# acl all src 0.0.0.0/0.0.0.0 +# never_direct deny local-servers +# never_direct allow all +# +# or if squid is inside a firewall and there is local intranet +# servers inside the firewall then use something like: +# +# acl local-intranet dstdomain foo.net +# acl local-external dstdomain external.foo.net +# always_direct deny local-external +# always_direct allow local-intranet +# never_direct allow all +# +# This option replaces some v1.1 options such as inside_firewall +# and firewall_ip. + +# TAG: anonymize_headers +# Usage: anonymize_headers allow|deny header_name ... +# +# This option replaces the old 'http_anonymizer' option with +# something that is much more configurable. You may now +# specify exactly which headers are to be allowed, or which +# are to be removed from outgoing requests. +# +# There are two methods of using this option. You may either +# allow specific headers (thus denying all others), or you +# may deny specific headers (thus allowing all others). +# +# For example, to achieve the same behavior as the old +# 'http_anonymizer standard' option, you should use: +# +# anonymize_headers deny From Referer Server +# anonymize_headers deny User-Agent WWW-Authenticate Link +# +# Or, to reproduce the old 'http_anonymizer paranoid' feature +# you should use: +# +# anonymize_headers allow Allow Authorization Cache-Control +# anonymize_headers allow Content-Encoding Content-Length +# anonymize_headers allow Content-Type Date Expires Host +# anonymize_headers allow If-Modified-Since Last-Modified +# anonymize_headers allow Location Pragma Accept +# anonymize_headers allow Accept-Encoding Accept-Language +# anonymize_headers allow Content-Language Mime-Version +# anonymize_headers allow Retry-After Title Connection +# anonymize_headers allow Proxy-Connection +# +# NOTE: You can not mix "allow" and "deny". All 'anonymize_headers' +# lines must have the same second argument. +# +# By default, all headers are allowed (no anonymizing is +# performed). +# +#anonymize_headers + +# TAG: fake_user_agent +# If you filter the User-Agent header with 'anonymize_headers' it +# may cause some Web servers to refuse your request. Use this to +# fake one up. For example: +# +# fake_user_agent Nutscrape/1.0 (CP/M; 8-bit) +# (credit to Paul Southworth pauls@etext.org for this one!) +# +#fake_user_agent none + +# TAG: icon_directory +# Where the icons are stored. These are normally kept in +# /etc/squid/icons + +# TAG: error_directory +# If you wish to create your own versions of the default +# (English) error files, either to customize them to suit your +# language or company copy the template English files to another +# directory and point this tag at them. + +# TAG: minimum_retry_timeout (seconds) +# This specifies the minimum connect timeout, for when the +# connect timeout is reduced to compensate for the availability +# of multiple IP addresses. +# +# When a connection to a host is initiated, and that host has +# several IP addresses, the default connection timeout is reduced +# by dividing it by the number of addresses. So, a site with 15 +# addresses would then have a timeout of 8 seconds for each +# address attempted. To avoid having the timeout reduced to the +# point where even a working host would not have a chance to +# respond, this setting is provided. The default, and the +# minimum value, is five seconds, and the maximum value is sixty +# seconds, or half of connect_timeout, whichever is greater and +# less than connect_timeout. +# +#minimum_retry_timeout 5 seconds + +# TAG: maximum_single_addr_tries +# This sets the maximum number of connection attempts for a +# host that only has one address (for multiple-address hosts, +# each address is tried once). +# +# The default value is three tries, the (not recommended) +# maximum is 255 tries. A warning message will be generated +# if it is set to a value greater than ten. +# +#maximum_single_addr_tries 3 + +# TAG: snmp_port +# Squid can now serve statistics and status information via SNMP. +# By default it listens to port 3401 on the machine. If you don't +# wish to use SNMP, set this to "0". +# +# NOTE: SNMP support requires use the --enable-snmp configure +# command line option. +#snmp_port 3401 + +# TAG: snmp_access +# Allowing or denying access to the SNMP port. +# +# All access to the agent is denied by default. +# usage: +# +# snmp_access allow|deny [!]aclname ... +# +#Example: +#snmp_access allow snmppublic localhost +#snmp_access deny all + +# TAG: snmp_incoming_address +# TAG: snmp_outgoing_address +# Just like 'udp_incoming_address' above, but for the SNMP port. +# +# snmp_incoming_address is used for the SNMP socket receiving +# messages from SNMP agents. +# snmp_outgoing_address is used for SNMP packets returned to SNMP +# agents. +# +# The default behavior is to not bind to any specific address. +# +# NOTE, snmp_incoming_address and snmp_outgoing_address can not have +# the same value since they both use port 3130. +# +#snmp_incoming_address 0.0.0.0 +#snmp_outgoing_address 0.0.0.0 + +# TAG: as_whois_server +# WHOIS server to query for AS numbers. NOTE: AS numbers are +# queried only when Squid starts up, not for every request. + +# TAG: wccp_router +# Use this option to define your WCCP ``home'' router for +# Squid. Setting the 'wccp_router' to 0.0.0.0 (the default) +# disables WCCP. +#wccp_router 0.0.0.0 + +# TAG: wccp_version +# According to some users, Cisco IOS 11.2 only supports WCCP +# version 3. If you're using that version of IOS, change +# this value to 3. +#wccp_version 4 + +# TAG: wccp_incoming_address +# TAG: wccp_outgoing_address +# wccp_incoming_address Use this option if you require WCCP +# messages to be received on only one +# interface. Do NOT use this option if +# you're unsure how many interfaces you +# have, or if you know you have only one +# interface. +# +# wccp_outgoing_address Use this option if you require WCCP +# messages to be sent out on only one +# interface. Do NOT use this option if +# you're unsure how many interfaces you +# have, or if you know you have only one +# interface. +# +# The default behavior is to not bind to any specific address. +# +# NOTE, wccp_incoming_address and wccp_outgoing_address can not have +# the same value since they both use port 2048. +# +#wccp_incoming_address 0.0.0.0 +#wccp_outgoing_address 0.0.0.0 + + +# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option) +# ----------------------------------------------------------------------------- + +# TAG: delay_pools +# This represents the number of delay pools to be used. For example, +# if you have one class 2 delay pool and one class 3 delays pool, you +# have a total of 2 delay pools. +# +# To enable this option, you must use --enable-delay-pools with the +# configure script. +#delay_pools 0 + +# TAG: delay_class +# This defines the class of each delay pool. There must be exactly one +# delay_class line for each delay pool. For example, to define two +# delay pools, one of class 2 and one of class 3, the settings above +# and here would be: +# +#delay_pools 2 # 2 delay pools +#delay_class 1 2 # pool 1 is a class 2 pool +#delay_class 2 3 # pool 2 is a class 3 pool +# +# The delay pool classes are: +# +# class 1 Everything is limited by a single aggregate +# bucket. +# +# class 2 Everything is limited by a single aggregate +# bucket as well as an "individual" bucket chosen +# from bits 25 through 32 of the IP address. +# +# class 3 Everything is limited by a single aggregate +# bucket as well as a "network" bucket chosen +# from bits 17 through 24 of the IP address and a +# "individual" bucket chosen from bits 17 through +# 32 of the IP address. +# +# NOTE: If an IP address is a.b.c.d +# -> bits 25 through 32 are "d" +# -> bits 17 through 24 are "c" +# -> bits 17 through 32 are "c * 256 + d" + +# TAG: delay_access +# This is used to determine which delay pool a request falls into. +# The first matched delay pool is always used, i.e., if a request falls +# into delay pool number one, no more delay are checked, otherwise the +# rest are checked in order of their delay pool number until they have +# all been checked. For example, if you want some_big_clients in delay +# pool 1 and lotsa_little_clients in delay pool 2: +# +#delay_access 1 allow some_big_clients +#delay_access 1 deny all +#delay_access 2 allow lotsa_little_clients +#delay_access 2 deny all + +# TAG: delay_parameters +# This defines the parameters for a delay pool. Each delay pool has +# a number of "buckets" associated with it, as explained in the +# description of delay_class. For a class 1 delay pool, the syntax is: +# +#delay_parameters pool aggregate +# +# For a class 2 delay pool: +# +#delay_parameters pool aggregate individual +# +# For a class 3 delay pool: +# +#delay_parameters pool aggregate network individual +# +# The variables here are: +# +# pool a pool number - ie, a number between 1 and the +# number specified in delay_pools as used in +# delay_class lines. +# +# aggregate the "delay parameters" for the aggregate bucket +# (class 1, 2, 3). +# +# individual the "delay parameters" for the individual +# buckets (class 2, 3). +# +# network the "delay parameters" for the network buckets +# (class 3). +# +# A pair of delay parameters is written restore/maximum, where restore is +# the number of bytes (not bits - modem and network speeds are usually +# quoted in bits) per second placed into the bucket, and maximum is the +# maximum number of bytes which can be in the bucket at any time. +# +# For example, if delay pool number 1 is a class 2 delay pool as in the +# above example, and is being used to strictly limit each host to 64kbps +# (plus overheads), with no overall limit, the line is: +# +#delay_parameters 1 -1/-1 8000/8000 +# +# Note that the figure -1 is used to represent "unlimited". +# +# And, if delay pool number 2 is a class 3 delay pool as in the above +# example, and you want to limit it to a total of 256kbps (strict limit) +# with each 8-bit network permitted 64kbps (strict limit) and each +# individual host permitted 4800bps with a bucket maximum size of 64kb +# to permit a decent web page to be downloaded at a decent speed +# (if the network is not being limited due to overuse) but slow down +# large downloads more significantly: +# +#delay_parameters 2 32000/32000 8000/8000 600/64000 +# +# There must be one delay_parameters line for each delay pool. + +# TAG: delay_initial_bucket_level (percent, 0-100) +# The initial bucket percentage is used to determine how much is put +# in each bucket when squid starts, is reconfigured, or first notices +# a host accessing it (in class 2 and class 3, individual hosts and +# networks only have buckets associated with them once they have been +# "seen" by squid). +# +#delay_initial_bucket_level 50 + +# TAG: incoming_icp_average +# TAG: incoming_http_average +# TAG: min_icp_poll_cnt +# TAG: min_http_poll_cnt +# Heavy voodoo here. I can't even believe you are reading this. +# Are you crazy? Don't even think about adjusting these unless +# you understand the algorithms in comm_select.c first! +# +#incoming_icp_average 6 +#incoming_http_average 4 +#min_icp_poll_cnt 8 +#min_http_poll_cnt 8 + +# TAG: max_open_disk_fds +# TAG: offline_mode +# Enable this option and Squid will never try to validate cached +# objects. + +# TAG: uri_whitespace +# What to do with requests that have whitespace characters in the +# URI. Options: +# +# strip: The whitespace characters are stripped out of the URL. +# This is the behavior recommended by RFC2616. +# deny: The request is denied. The user receives an "Invalid +# Request" message. +# allow: The request is allowed and the URI is not changed. The +# whitespace characters remain in the URI. Note the +# whitespace is passed to redirector processes if they +# are in use. +# encode: The request is allowed and the whitespace characters are +# encoded according to RFC1738. This could be considered +# a violation of the HTTP/1.1 +# RFC because proxies are not allowed to rewrite URI's. +# chop: The request is allowed and the URI is chopped at the +# first whitespace. This might also be considered a +# violation. +#uri_whitespace strip + +# TAG: broken_posts +# A list of ACL elements which, if matched, causes Squid to send +# a extra CRLF pair after the body of a PUT/POST request. +# +# Some HTTP servers has broken implementations of PUT/POST, +# and rely on a extra CRLF pair sent by some WWW clients. +# +# Quote from RFC 2068 section 4.1 on this matter: +# +# Note: certain buggy HTTP/1.0 client implementations generate an +# extra CRLF's after a POST request. To restate what is explicitly +# forbidden by the BNF, an HTTP/1.1 client must not preface or follow +# a request with an extra CRLF. +# +#acl buggy_server url_regex ^http://.... +#broken_posts allow buggy_server + +# TAG: mcast_miss_addr +# If you enable this option, every "cache miss" URL will +# be sent out on the specified multicast address. +# +# Do not enable this option unless you are are absolutely +# certain you understand what you are doing. + +# TAG: mcast_miss_ttl +# This is the time-to-live value for packets multicasted +# when multicasting off cache miss URLs is enabled. By +# default this is set to 'site scope', i.e. 16. + +# TAG: mcast_miss_port +# This is the port number to be used in conjunction with +# 'mcast_miss_addr'. + +# TAG: mcast_miss_encode_key +# The URLs that are sent in the multicast miss stream are +# encrypted. This is the encryption key. + +# TAG: prefer_direct +# By default, if the ICP, HTCP, Cache Digest, etc. techniques +# do not yield a parent cache, Squid gives higher preference +# to forwarding the request direct to origin servers, rather +# than selecting a parent cache anyway. +# +# If you want Squid to give higher precedence to a parent +# cache, instead of going direct, then turn this option off. +#prefer_direct on + +# TAG: strip_query_terms +# By default, Squid strips query terms from requested URLs before +# logging. This protects your user's privacy. +#strip_query_terms on + +# TAG: coredump_dir +# By default Squid leaves core files in the first cache_dir +# directory. If you set 'coredump_dir' to a directory +# that exists, Squid will chdir() to that directory at startup +# and coredump files will be left there. + +# TAG: redirector_bypass +# When this is 'on', a request will not go through the +# redirector if all redirectors are busy. If this is 'off' +# and the redirector queue grows too large, Squid will exit +# with a FATAL error and ask you to increase the number of +# redirectors. You should only enable this if the redirectors +# are not critical to your caching system. If you use +# redirectors for access control, and you enable this option, +# then users may have access to pages that they should not +# be allowed to request. + +# TAG: ignore_unknown_nameservers +# By default Squid checks that DNS responses are received +# from the same IP addresses that they are sent to. If they +# don't match, Squid ignores the response and writes a warning +# message to cache.log. You can allow responses from unknown +# nameservers by setting this option to 'off'. +#ignore_unknown_nameservers on + +# TAG: digest_generation +# This controls whether the server will generate a Cache Digest +# of its contents. By default, Cache Digest generation is +# enabled if Squid is compiled with USE_CACHE_DIGESTS defined. +#digest_generation on + +# TAG: digest_bits_per_entry +# This is the number of bits of the server's Cache Digest which +# will be associated with the Digest entry for a given HTTP +# Method and URL (public key) combination. The default is 5. +#digest_bits_per_entry 5 + +# TAG: digest_rebuild_period (seconds) +# This is the number of seconds between Cache Digest rebuilds. +# By default the server's Digest is rebuilt every hour. +#digest_rebuild_period 1 hour + +# TAG: digest_rewrite_period (seconds) +# This is the number of seconds between Cache Digest writes to +# disk. By default the server's Digest is written to disk every +# hour. +#digest_rewrite_period 1 hour + +# TAG: digest_swapout_chunk_size (bytes) +# This is the number of bytes of the Cache Digest to write to +# disk at a time. It defaults to 4096 bytes (4KB), the Squid +# default swap page. +#digest_swapout_chunk_size 4096 bytes + +# TAG: digest_rebuild_chunk_percentage (percent, 0-100) +# This is the percentage of the Cache Digest to be scanned at a +# time. By default it is set to 10% of the Cache Digest. +#digest_rebuild_chunk_percentage 10 + +# TAG: chroot +# Use this to have Squid do a chroot() while initializing. This +# also causes Squid to fully drop root privileges after +# initializing. This means, for example, that if you use a HTTP +# port less than 1024 and try to reconfigure, you will get an +# error. + +# TAG: client_persistent_connections +# TAG: server_persistent_connections +# Persistent connection support for clients and servers. By +# default, Squid uses persistent connections (when allowed) +# with its clients and servers. You can use these options to +# disable persistent connections with clients and/or servers. +#client_persistent_connections on +#server_persistent_connections on + diff --git a/net-www/squid/squid-2.3.STABLE4-r1.ebuild b/net-www/squid/squid-2.3.STABLE4-r1.ebuild new file mode 100644 index 000000000000..ae2b85c6e95e --- /dev/null +++ b/net-www/squid/squid-2.3.STABLE4-r1.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2000 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Author Achim Gottinger <achim@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/net-www/squid/squid-2.3.STABLE4-r1.ebuild,v 1.1 2000/08/10 01:53:40 achim Exp $ + +P=squid-2.3.STABLE4 +A=${P}-src.tar.gz +S=${WORKDIR}/${P} +CATEGORY="net-www" +DESCRIPTION="SQUID - Web Proxy Server" +SRC_URI="http://www.squid-cache.org/Versions/v2/2.3/"${A} +HOMEPAGE="http://www.squid-cache.org/" + +src_compile() { + cd ${S} + LDFLAGS="$LDFLAGS -lresolv" ./configure --host=${CHOST} \ + --prefix=/usr --sysconfdir=/etc/squid \ + --localstatedir=/var/squid + --enable-ipf-transparent --enable-useragent-log \ + --enable-async-io --enable-icmp + make + cd ${S}/auth_modules/LDAP + make + cd ../PAM + make + cd ../SMB + make + cd ../LDAP + make + cd ../NCSA + make + +} + +src_install() { + cd ${S} + rm -rf ${D} + dodir /usr/bin + dodir /etc/squid + dodir /var/squid + chown squid.daemon ${D}/var/squid + make install prefix=${D}/usr sysconfdir=${D}/etc/squid \ + localstatedir=${D}/var/squid + into /usr + cd auth_modules + dobin LDAP/squid_ldap_auth PAM/pam_auth SMB/smb_auth NCSA/ncsa_auth + cd ../doc + doman tree.3 + dodoc *.txt + cd .. + dodoc README QUICKSTART CONTRIBUTORS COPYRIGHT COPYING CREDITS + dodoc ChangeLog TODO + cp ${O}/files/squid.conf ${D}/etc/squid + dodir /etc/rc.d/init.d + cp ${O}/files/squid ${D}/etc/rc.d/init.d + rm -r ${D}/var/squid + dodir /var/log/squid + dodir /var/cache/squid + fowners squid.daemon /var/log/squid + fowners squid.daemon /var/cache/squid + fperms 644 /var/log/squid + fperms 644 /var/cache/squid +} + +pkg_config() { + + . ${ROOT}/etc/rc.d/config/functions + + einfo "Generating symlinks..." + ${ROOT}/usr/sbin/rc-update add squid + +} diff --git a/net-www/w3m/files/config.param b/net-www/w3m/files/config.param new file mode 100644 index 000000000000..dca364cb7685 --- /dev/null +++ b/net-www/w3m/files/config.param @@ -0,0 +1,24 @@ +# Configuretion at gentoolinux.mydomain +def_bindir='/usr/bin' +def_libdir='/usr/lib/w3m' +def_helpdir='/usr/lib/w3m' +pref_lang=2 +lynx_key=n +ftppass_hostnamegen=n +show_params=n +use_nntp=n +use_color=y +use_menu=y +use_mouse=y +use_cookie=y +use_ssl=y +dmodel=5 +use_ssl_verify=y +ded='/usr/bin/vi' +dmail='mailx' +dbrowser='/usr/X11R6/bin/netscape' +dcc='gcc' +dcflags='-O6 -mpentium' +dtermlib='-lncurses' +dldflags='' + diff --git a/net-www/w3m/files/digest b/net-www/w3m/files/digest new file mode 100644 index 000000000000..95b179d05e68 --- /dev/null +++ b/net-www/w3m/files/digest @@ -0,0 +1 @@ +MD5 2e0ed5e8db8ac8d7eb1e6996b74ace1d w3m-0.1.10.tar.gz diff --git a/net-www/w3m/files/w3m-0.1.10.diff.gz b/net-www/w3m/files/w3m-0.1.10.diff.gz Binary files differnew file mode 100644 index 000000000000..d87f6fdda787 --- /dev/null +++ b/net-www/w3m/files/w3m-0.1.10.diff.gz diff --git a/net-www/w3m/w3m-0.1.10-r1.ebuild b/net-www/w3m/w3m-0.1.10-r1.ebuild new file mode 100644 index 000000000000..8268bcbb0ed1 --- /dev/null +++ b/net-www/w3m/w3m-0.1.10-r1.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2000 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Author Achim Gottinger <achim@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/net-www/w3m/w3m-0.1.10-r1.ebuild,v 1.1 2000/08/10 01:53:40 achim Exp $ + +P=w3m-0.1.10 +A=${P}.tar.gz +S=${WORKDIR}/${P} +CATEGORY="net-www" +DESCRIPTION="Text based WWW browser, supports tables and frames" +SRC_URI="ftp://ei5nazha.yz.yamagata-u.ac.jp/w3m/${A} + ftp://ftp.umlauf.de/pub/w3m/${A}" +HOMEPAGE="http://ei5nazha.yz.yamagata-u.ac.jp/~aito/w3m/eng/" +src_unpack() { + unpack ${A} + cd ${S} + zcat ${O}/files/${P}.diff.gz | patch -p1 + sed -e "s:^def_libdir.*:def_libdir='/usr/libexec/w3m':" \ + -e "s:^def_helpdir.*:def_helpdir='/usr/doc/${P}/html':" \ + -e "s:gentoolinux\.mydomain:${HOSTNAME}:" \ + ${O}/files/config.param > config.param +} + +src_compile() { + cd ${S} + ./configure --prefix=/usr --nonstop -lang=en -model=monster -cflags="${CFLAGS}" + make +} + +src_install() { + cd ${S} + make DESTDIR=${D} install + dodoc doc/README* doc/*.default doc/menu.submenu doc/HISTORY + doman doc/w3m.1 +} + + + + + |